ryuk

General

Target

2024-02-01_35b13a59b337817d0dd970851a787ebe_ryuk
Size

212KB
Sample

240201-q1alqsgehn
MD5

35b13a59b337817d0dd970851a787ebe
SHA1

2c76b02c2c1b84bad236a89b7a2021694901ac8d
SHA256

146a9cad779f2ded42d1254c7c722742fb25d3871babe0dc76555ee28b65a6f8
SHA512

0c4c542a96e177284bec34295cf03122df88847c750d036bc577b62b75c0b4d58756b21500a01018855dd307c57a6238bb866345a3bab1be9dc76b6403fedce2
SSDEEP

3072:skoemwJEECCvcVbQQFrUoR19V6To0Hqs3WvS1:ZEECCElQk3wqF+

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\Users\RyukReadMe.txt

Family

ryuk

Ransom Note

Your network has been penetrated. All files on each network host have been encrypted with a strong algorithm. Backups were encrypted too. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. Only we have exclusive decryption software, suitable for your situation. More than a year ago, world experts recognized the impossibility of such encryption deciphering by any means except the original decoder. No decryption software is available in the public. Antivirus companies, researchers, IT specialists, and any other persons cannot help you to decipher the data. Decryption takes from ten minutes up to several hours. It is performed automatically and doesn't require from you any actions except decoder launching. DO NOT RESET OR SHUTDOWN SYSTEM � files may be damaged. DO NOT DELETE readme files. To confirm our honest intentions. Send 2 different random files and you will get them back decrypted. It can be from different computers on your network to be sure that one key decrypts everything. We will unlock 2 files for free. To get info (decrypt your files) contact us a [email protected] or [email protected] You will receive btc address for payment in the reply letter Ryuk No system is safe

Emails

[email protected]

Targets

- Target
  
  2024-02-01_35b13a59b337817d0dd970851a787ebe_ryuk
- Size
  
  212KB
- MD5
  
  35b13a59b337817d0dd970851a787ebe
- SHA1
  
  2c76b02c2c1b84bad236a89b7a2021694901ac8d
- SHA256
  
  146a9cad779f2ded42d1254c7c722742fb25d3871babe0dc76555ee28b65a6f8
- SHA512
  
  0c4c542a96e177284bec34295cf03122df88847c750d036bc577b62b75c0b4d58756b21500a01018855dd307c57a6238bb866345a3bab1be9dc76b6403fedce2
- SSDEEP
  
  3072:skoemwJEECCvcVbQQFrUoR19V6To0Hqs3WvS1:ZEECCElQk3wqF+
Score

10^/10

ryuk ransomware
- Ryuk
  Ransomware distributed via existing botnets, often Trickbot or Emotet.
  ransomware ryuk
- Detects command variations typically used by ransomware
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects command variations typically used by ransomware

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2