Nearly 3.7 million dollars in less than 6 months. Particularly devious, this malware, first spotted in August 2018, uses new schemes that pay big.
As evidenced by this new wave of ransomware attacks jointly detected by CrowdStrike and FireEye researchers, hackers are targeting their victims more and more precisely.
Instead of spreading malware to any computer, encrypting its data and then demanding a ransom to return it to its owner, they quietly infiltrated company networks for several months to identify the most interesting targets. In concrete terms, they favored executives and managers of the companies most likely to pay large sums.
According to the researchers, the group of hackers behind this attack, called Grim Spider, used the TrickBot Trojan to get into targeted machines through some form of phishing. The hackers then used TrickBot to carefully select their targets before deploying their malware.
A jackpot for the authors:
Since last August, Ryuk has reportedly collected no less than $3.7 million in bitcoins (705.80 BTC) through only 52 transactions. For now, the authors have not been identified by researchers, but rumors are rife. At first, some specialized media had announced that Ryuk was operated by the group of North Korean hackers known as Lazarus. According to CrowdStrike, several clues, including a suspicious download located in Moscow, suggest that it could be the work of Russian hackers.