New-look Ryuk ransomware is now deadlier than ever

A worm-like ransomware is the stuff of nightmares

Ryuk, one of the most prolific and resilient ransomware strains, has taken on new worm-like capabilities, according to security researchers.

The ransomware is operated by Russian cybercriminal syndicate Wizard Spider, and has been infecting victims for several years. It’s been on the radar of several cybersecurity agencies, especially since its operators were ruthless enough to attack healthcare facilities in the middle of the Covid-19 pandemic.

Analyzing a new sample of the ransomware at the National Agency for the Security of Information Systems (ANSSI), France’s national cybersecurity agency, researchers discovered that Ryuk can now spread from one machine to another on its own.

Self-propagating ransomware

The ANSSI report notes that Ryuk isn’t known to propagate automatically within the network. Also, while the French researchers haven’t seen Ryuk being offered for sale on the dark web, Deloitte researchers believe the ransomware is sold as a toolkit to attackers, which means there could be several variants in circulation.

In the report, ANSSI discusses a sample discovered during an incident response in early 2021, which exhibited previously absent worm-like capabilities. Using its newfound powers, the ransomware was seen to automatically spread and infect other machines in the network.

“Through the use of scheduled tasks, the malware propagates itself - machine to machine - within the Windows domain. Once launched, it will thus spread itself on every reachable machine on which Windows RPC accesses are possible,” explained the researchers.
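For defenders, the machine-to-machine spread through scheduled tasks described above suggests one log-based check: a single account creating scheduled tasks on many hosts in a short burst. The following is an added example, not code from ANSSI or from this article. It assumes Windows Security event 4698 (a scheduled task was created) is audited and collected centrally; the record layout, hosts, accounts, task names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (all hosts, accounts and task names are invented),
# shaped like centrally collected Windows Security events.
SAMPLE_EVENTS = [
    {"time": "2021-02-01T03:10:05", "host": "WS-014", "event_id": 4698,
     "user": "CORP\\svc-backup", "task": "\\task-a"},
    {"time": "2021-02-01T03:10:40", "host": "WS-015", "event_id": 4698,
     "user": "CORP\\svc-backup", "task": "\\task-b"},
    {"time": "2021-02-01T03:11:20", "host": "WS-022", "event_id": 4698,
     "user": "CORP\\svc-backup", "task": "\\task-c"},
    {"time": "2021-02-01T03:12:02", "host": "SRV-FS01", "event_id": 4698,
     "user": "CORP\\svc-backup", "task": "\\task-d"},
    {"time": "2021-02-01T05:30:00", "host": "WS-099", "event_id": 4698,
     "user": "CORP\\svc-backup", "task": "\\task-e"},   # outside the burst
    {"time": "2021-02-01T03:11:00", "host": "WS-040", "event_id": 4624,
     "user": "CORP\\svc-backup", "task": ""},            # logon, not a task
    {"time": "2021-02-01T09:00:00", "host": "WS-014", "event_id": 4698,
     "user": "CORP\\jdoe", "task": "\\report"},
    {"time": "2021-02-01T10:00:00", "host": "WS-030", "event_id": 4698,
     "user": "CORP\\jdoe", "task": "\\report"},
]

def find_task_fanout(events, min_hosts=3, window=timedelta(minutes=10)):
    """Flag accounts that create scheduled tasks (event 4698) on at least
    `min_hosts` distinct hosts inside one sliding `window`."""
    per_user = defaultdict(list)
    for ev in events:
        if ev["event_id"] == 4698:
            when = datetime.fromisoformat(ev["time"])
            per_user[ev["user"].lower()].append((when, ev["host"].upper()))

    findings = []
    for user, hits in sorted(per_user.items()):
        hits.sort()
        best, start = set(), 0
        for end, (when, _) in enumerate(hits):
            while when - hits[start][0] > window:   # shrink window from the left
                start += 1
            hosts = {h for _, h in hits[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            findings.append((user, sorted(best)))
    return findings

if __name__ == "__main__":
    for user, hosts in find_task_fanout(SAMPLE_EVENTS):
        print(f"{user} created tasks on {len(hosts)} hosts: {', '.join(hosts)}")
```

Software deployment and management tooling also creates tasks in bulk, so the host count and window need tuning against a baseline of known management accounts.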

It’s not known whether the French cybersecurity agencies have shared details about the new strain with their counterparts in other countries.

However, Ryuk has previously been the subject of a joint advisory from CISA, FBI and Department of Health and Human Services, triggered by the attack on US hospitals last year.

Via Cyberscoop

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
