Hackers spreading RYUK Ransomware in the United States have now shifted their base to China. Well, this update was given by the Tencent Yujian Threat Intelligence Center which adds that the virus spreading gangs have already targeted 7 Logistics companies and 2 technology companies along with a few municipalities so far demanding 11 Bitcoins as a ransom to free up the database from malware.
Technically speaking, RYUK is a file-encrypting malware which targets databases holding high-value data and demands approximately $5 million in BTC for decryption. The said malware is sophisticated enough to delete all files related to its intrusion and disables all anti-virus processes, thereby hiding the infection vector.
In some instances, the United States FBI detected that RYUK has entered through a Remote Desktop Protocol via a Brute Force Attack.
Till January this year, RYUK Ransomware was seen targeting many US companies.
Now, the developers seem to have shifted their target to enterprises operating in China which run on a 32-bit and 64-bit blackmail module. On July 16 this year, the security analysts working for Tencent have detected the outbreak of the virus on Chinese enterprises and have issued a national alert on this regard.
Yujian Threat Intelligence Center of Tencent is already urging enterprises to install threat monitoring tools to safeguard their networks along with a regular backup plan for data continuity.
Renowned Cybersecurity Companies McAfee and Crowdstrike have already made it official that RYUK originated from Russia and might have links to the note hackers group named “GRIM SPIDER”.