The Ryuk ransomware, which blocks access to the data on an infected computer and restores it only after a ransom is paid, is an illegal but quite profitable business. Over 5 months, victims of the virus paid the extortionists over 700 bitcoins. Initially it was thought that this virus was the handiwork of hackers from North Korea; however, after analyzing the data, experts now believe that the trail leads to Russia.
This is the conclusion reached by experts from CrowdStrike and McAfee Labs, who analyzed the technical details related to the virus. McAfee found a lot in common between the code of Ryuk and that of the Hermes virus, which appeared in 2017 and is associated with Russian hackers.
In particular, one feature of the virus was that it could not be used against a computer on which one of the system languages was Russian, Ukrainian or Belarusian. According to them, Ryuk is technically a development of Hermes and is based on its code.
CrowdStrike also considers Ryuk a reincarnation of Hermes, while noting that the latter was sold on Internet forums for $300, so theoretically it could have been bought by anyone from any country. Both companies believe that the hacker group behind the recent attacks using this virus is the orange SPIDER.
The first cases of the new ransomware were recorded in August, but it made itself known immediately after the New Year. The virus's compromise of the systems of the publishing house Tribune Publishing delayed the release of a number of prominent American publications, including the Los Angeles Times, the San Diego Union Tribune, the Wall Street Journal and the New York Times.
Another characteristic feature of the virus, which is named after a character in a Japanese manga series, is a differentiated approach to the ransom amount. The virus mainly attacks corporate networks, but the ransom demanded for unlocking the data differs significantly depending on the scale of the target or the hackers' view of it. The researchers report cases of ransom demands ranging from 1.7 to 99 bitcoins.
As a reminder, in August a curious report appeared on the results of a survey of 750 employees of large British companies: half of the respondents admitted that their organization holds some amount of cryptocurrency, in particular bitcoin, specifically for this purpose. That is, in most cases, companies buy and store cryptocurrency to be able to pay the ransom demanded by hackers.