Specialists in system audits have detected a new ransomware variant that has already infected more than a hundred private companies and government institutions in the United States and, most recently, in China. Tencent, the company that produced the report, claims that the attacks are directed from Asian territory.
The report states that this encryption malware is a new variant of the well-known Ryuk ransomware, mainly used in cyberattacks against logistics and technology companies and local governments. According to an FBI report, the operators of this campaign have reportedly obtained about $5M USD in Bitcoin transfers.
Recently, the government of Lake City, Florida, decided to pay more than $400k USD in Bitcoin to a hacker group after their systems were infected with this ransomware variant, causing a small bureaucratic crisis in the city. Just days earlier, Riviera Beach officials, also in Florida, paid a ransom of more than $500k USD for an infection of the same encryption malware.
According to system audits specialists, the Ryuk ransomware is a variant of the Hermes virus, created sometime in 2018. Ryuk infections are usually spread through botnets or spam campaigns and get into victims’ systems by exploiting unspecified IP ports.
“When successfully installed, the ransomware proceeds to remove any files that may give away its presence, as well as interrupt the activity of the antivirus software of the infected system,” the specialists mention. Finally, when starting any Internet browser, victims will find the hackers’ note demanding the ransom, along with instructions to perform the transfer via Bitcoin (sometimes other kinds of virtual assets are demanded instead).
According to system audits experts from the International Institute of Cyber Security (IICS), security firms and agencies like the FBI have been on the trail of this malware for at least a year. As if that were not enough, it has been mentioned that this Chinese variant of Ryuk is capable of running on both 32-bit and 64-bit systems, which greatly expands the potential scope of the infection. The total number of victims so far is still unknown.