Bitcoin Ransomware Ryuk Virus now affects Enterprises in China

Jul 19 2019

A ransomware virus that has successfully penetrated more than 100 government and private firms in the U.S. has now spread globally and been detected in China, according to a report by Tencent Security.

Referred to as Ryuk, the destructive code targets “logistics companies, technology companies and small municipalities” with high data value, exacting bounties upwards of $5 million paid in bitcoin, as per the Federal Bureau of Investigation (FBI).

According to the report, Ryuk is an upgraded version of the Hermes virus, with code that was subsequently modified. By one account, Ryuk is named after a death spirit in the well-known manga Death Note; in that story, Ryuk has a notebook that can be used to kill a person by writing the person’s name in it.

Ryuk spreads through the usual botnet and spam methods and penetrates through unprotected IP ports. Once installed, the malware deletes the files linked to the intrusion and kills antivirus processes, so that it goes undetected on the infected machine. In one specific case, FBI agents found evidence that Ryuk was introduced via a Remote Desktop Protocol brute-force attack.

The agency stated:

“After the attacker has gained access to the victim network, additional network exploitation tools may be downloaded… once executed, Ryuk establishes persistence in the registry, injects into running processes, looks for network connected file systems, and begins encrypting files.”

Researchers at the intelligence center were able to capture and study the virus in action. According to the report, the virus drops a “RyukReadMe” file that opens a ransom note in the victim’s web browser. The HTML page contains two email addresses, the name of the virus, and the cryptic phrase “balance of shadow universe.” On replying to the first email address, the researchers received instructions and a ransom demand of 11 Bitcoin.

The intelligence center advised individual users to shut down Tencent PC Manager and enable file backups, switch off Office macros, and stay away from unknown emails.

The report also referred to various Ryuk ransom cases. In the United States, for example, the public administration of La Porte County, Indiana paid a $130,000 ransom to be freed from the virus. In Lake City, Florida, the local government paid out a $460,000 ransom after its computer systems went dark.

The FBI has been monitoring the virus since 2018 and has noted several modifications. The report pointed out that the Chinese variant runs 32-bit and 64-bit ransom modules concurrently, which may allow the malware to spread further.

At press time it had not been disclosed how many Chinese businesses have been infected, or the total amount the hackers have extracted in ransom.
