Photo Cred To Giovanni Portelli Via Flickr
The Tencent Yujian Threat Intelligence Centre has announced the presence of the Ryuk ransomware in China. The Ryuk virus, however, is not new to the crypto sphere, as it has already infiltrated both private and public establishments in the United States of America. It is malicious code that targets government agencies, tech firms and small establishments that hold large volumes of data, and it demands payment of about 5 million USD in bitcoin. Ryuk is linked to the eCrime group known as “Grim Spider”, which is said to be operating out of Russia. The group has made an impact in the Bitcoin space over the years, as its ransomware has resulted in the collection of $3,000,000 in BTC.
Recent Ransomware Attacks
The information about the virus’s presence in the Chinese crypto sphere was released by Tencent in a report published on the 16th of July 2019. According to the report, Ryuk is a family of malware designed to attack government and business machines that hold important data. The report also made public that Ryuk stems from the Hermes virus, with code directly adapted from the latter.
As recorded in the report, Ryuk is named after the death spirit in the popular manga Death Note. Ryuk was implicated in the Tribune Publishing hack, which affected all of the media firm’s outlets. Also, in June, officials in Lake City, Florida were made to pay a 460,000 USD ransom after the city’s computer systems went blank. Interestingly, this came barely two weeks after the 600,000 USD ransom paid by Riviera Beach, Florida. The efforts of this eCrime group are definitely not the best look for China. China is currently experiencing an environment where regulators are trying to deter the use of cryptocurrency in all situations, and news like this will not help change their future outlook.
Researchers at the Tencent Yujian intelligence centre were reportedly able to capture the virus and scrutinize it in action. The report revealed that the virus came bundled with a ReadMe note containing two email addresses. After replying to the first email address, the researchers received instructions and a ransom demand set at 11 Bitcoin. The blackmail message is opened in the victim’s internet browser. The HTML page shows only the two attackers’ email addresses in the upper left-hand corner, the name of the virus in the centre of the page, and the ambiguous phrase “balance of shadow universe” in the bottom right corner.
Best Antivirus 2019
The intelligence centre has advised private users to run Tencent PC Manager, enable file backups, turn off Office macros, and stay away from unfamiliar emails. According to the agency, once installed the malware deletes the files associated with the intrusion and disrupts antivirus processes, thereby obscuring the infection vector.
However, the infection process is not always the same: in one case, FBI agents acquired evidence that Ryuk gained entry through a Remote Desktop Protocol brute-force attack. Describing the mechanism of the attack, the agency revealed that after the attacker has gained access to the victim’s network, further network manipulation tools may be downloaded. Once executed, Ryuk establishes persistence in the registry, injects itself into running processes, looks for network-connected file systems, and begins encrypting files.
The FBI has been following the virus since 2018 and has observed several alterations. It has been stated that the Chinese version runs both a 32-bit and a 64-bit blackmail module concurrently, which may allow further development of the malware.