ryuk

General

Target

748f2eb6ab11cdadd9a9db133aa4731c10de8c6a6f77d7da56a3e1e92615aa43
Size

205KB
Sample

220220-gedxlahcc5
MD5

9a93f9da4f9556fde6ba47ed634bf5ca
SHA1

56d1f6d60411119dbd5e58581af2440cc6acc78d
SHA256

748f2eb6ab11cdadd9a9db133aa4731c10de8c6a6f77d7da56a3e1e92615aa43
SHA512

9f77b6f8c0847d1a9f4aacd75bac316e204b1d18cf83d23fb189e0b6bc8ac06e1307cb0bea2d0d9d030d930fc22a9e661a6097f073168e6f3260978f7b614e9e

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\RyukReadMe.txt

Family

ryuk

Ransom Note

Your network has been penetrated. All files on each network host have been encrypted with a strong algorithm. Backups were encrypted too. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. Only we have exclusive decryption software, suitable for your situation. More than a year ago, world experts recognized the impossibility of such encryption deciphering by any means except the original decoder. No decryption software is available in the public. Antivirus companies, researchers, IT specialists, and any other persons cannot help you to decipher the data. Decryption takes from ten minutes up to several hours. It is performed automatically and doesn't require from you any actions except decoder launching. DO NOT RESET OR SHUTDOWN SYSTEM � files may be damaged. DO NOT DELETE readme files. To confirm our honest intentions. Send 2 different random files and you will get them back decrypted. It can be from different computers on your network to be sure that one key decrypts everything. We will unlock 2 files for free. To get info (decrypt your files) contact us a [email protected] or [email protected] You will receive btc address for payment in the reply letter Ryuk No system is safe

Emails

[email protected]

Targets

- Target
  
  748f2eb6ab11cdadd9a9db133aa4731c10de8c6a6f77d7da56a3e1e92615aa43
- Size
  
  205KB
- MD5
  
  9a93f9da4f9556fde6ba47ed634bf5ca
- SHA1
  
  56d1f6d60411119dbd5e58581af2440cc6acc78d
- SHA256
  
  748f2eb6ab11cdadd9a9db133aa4731c10de8c6a6f77d7da56a3e1e92615aa43
- SHA512
  
  9f77b6f8c0847d1a9f4aacd75bac316e204b1d18cf83d23fb189e0b6bc8ac06e1307cb0bea2d0d9d030d930fc22a9e661a6097f073168e6f3260978f7b614e9e
Score

10^/10

ryuk ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2