Photo Cred To Giovanni Portelli Via Flickr

Threat Intelligence Centre- Tencent Yujian- has announced the presence of the Ryuk ransomware virus in China. The Ryuk virus, however, is not new to the Crypto sphere, as it has infiltrated both private and public establishments in the United States of America. It is a malicious code that targets government agencies, tech firms and small establishments that possess large volumes of data and demands payment of about 5 million USD in bitcoin. Ryuk stems from the name “Grim Spider” which is an eCrime group. It has been said that the group is operating out of Russia. They have made an impact in the Bitcoin space over the years, as their ransomware has resulted in collecting $3,000,000 in BTC.

Recent Ransomware Attacks 

The information about the virus’s presence in the Chinese crypto sphere was released by Tencent in a report that was published on the 16th of July 2019. Based on what was contained in the report, Ryuk viruses are a genus of malware designed to attack government and establishment machines that hold important data. The report also made public that a Ryuk virus stems from the Hermes virus, with code that is directly adapted off the latter.

As recorded in the report, Ryuk is named after the death spirit in the popular manga Death Note. Ryuk was implicated in the Tribune Publishing’s hack which affected all the media firm’s outlets.  Also, In June, officers in Lake City, Florida were made to pay a 460,000 USD ransom after the city’s computer systems went blank. Interestingly, this was barely two weeks after Florida’s Riviera Beach 600,000 USD hijack. The efforts of this eCrime group is definitely not the best look for China. China is currently experience an environment where regulators are trying to deter the use of cryptocurrency in all situations. News like this will not help regulators change their future outlook.

Scientists at the intelligence center- Tencent Yujian- were supposedly able to gain control and scrutinize the virus in action. The report revealed that the virus came joined with a ReadMe note which contained two email addresses. After replying to the first email address, the scientists got instructions and a ransom demand set at 11 Bitcoin. The blackmail message is opened on the victim’s internet browser. The html webpage shows only the two hacker’s email addresses in the upper left-hand corner, the name of the virus in the centre of the page, and the ambiguous phrase-balance of shadow universe-in the bottom right corner.

Best Antivirus 2019 

The intelligence center has advised private users to run Tencent PC Manager and permit file backups, turn off Office macros, and also to stay away from unfamiliar emails. According to the agency, the malicious malware once installed will delete all files linked with the intrusion, and disrupt antivirus processes, thereby disguising the infection vector.

However, the process is not entirely the same as in one situation, FBI agents acquired evidence that Ryuk went in through a Remote Desktop Protocols brute force attack. Describing the mechanism of the attack, the agency revealed that after the attacker has gotten access to the victim network, more network manipulation tools may be downloaded. They revealed that once executed, Ryuk launches persistence in the registry, becomes part of the running processes, looks for network connected file systems, and begins the process of encrypting files.

The FBI has been following the virus since 2018 and have observed several alterations. It has been stated the Chinese version concurrently runs a 32-bit and 64-bit blackmail module, which may allow advanced development of the bug.

Notice: Information contained herein is not and should not be construed as an offer, solicitation, or recommendation to buy or sell securities. The information has been obtained from sources we believe to be reliable; however no guarantee is made or implied with respect to its accuracy, timeliness, or completeness. Authors may own the crypto currency they discuss. The information and content are subject to change without notice. Visionary Financial and its affiliates do not provide investment, tax, legal or accounting advice. This material has been prepared for informational purposes only and is the opinion of the author, and is not intended to provide, and should not be relied on for, investment, tax, legal, accounting advice. You should consult your own investment, tax, legal and accounting advisors before engaging in any transaction. All content published by Visionary Financial is not an endorsement whatsoever. Please also visit our Privacy policy; disclaimer; and terms and conditions page for further information.