Tencent Security reported spotting the Ryuk ransomware in China, and this time the extortion amount reached 11 BTC (785,000 yuan at press time).
On 17 July 2019, Tencent Security published a report detailing how the ransomware attempts to infect systems and encrypt files. In 2018, Ryuk carried out highly targeted attacks on the networks of more than 100 government and private organizations.
In Q4 of 2018, the average daily ransom amount jumped from $6,733 to $12,762 only because of Ryuk. Ryuk is the ransomware most sought after by the FBI, as its ransom amount per attack comes close to $288,000. According to a study conducted by Coveware, Ryuk accounted for 18% of the ransomware market in Q1 of 2019.
In the 2018 attacks, Ryuk utilized the BitPaymer ransomware and stole credential data using the Emotet Trojan. The ransomware attack in China follows the same pattern, with the ransomware injected into networks via botnets and spam. This modus operandi is quite similar to that of Hermes, which is why security experts believe Ryuk to be an enhanced version of Hermes.
According to Tencent Security, the attacks in China are followed by a blackmail letter that pops up in Internet Explorer. The file shows the ransomware name and two contact email IDs. The Chinese Ryuk is an evolution of the US Ryuk, as it is capable of running on 32-bit and 64-bit blackmail systems simultaneously.