Ryuk ransomware has been active since August 2018 and has been used in several attack campaigns that have targeted publishing and media corporations.
The ransomware is named “Ryuk” after the signature in its ransom note. These targeted attacks have caused several major service disruptions, including at the Tribune Group, where the ransomware stopped the printing of newspapers for a period of time. The Los Angeles Times, the Tribune Group, and Data Resolution Cloud Service have all been victims of Ryuk ransomware attacks.
The report is a sample of the threat research conducted by Cysiv and regularly made available to SOC-as-a-Service customers.
Download this report to access a detailed description of the TTPs used by this ransomware, and a list of indicators of compromise (IOCs).