Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware
2019-01-10 • CrowdStrike
https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/
CrowdStrike attributes Ryuk ransomware operations to WIZARD SPIDER and the GRIM SPIDER subgroup, describing a big-game hunting model against large organizations for high ransom returns. The source notes Ryuk's operation since August 2018 and distinguishes the criminal enterprise from earlier speculation about North Korean attribution. Relevant TTPs include targeted post-compromise deployment and enterprise disruption rather than opportunistic mass ransomware distribution.
Indicators of Compromise