Lazarus Group-linked Ryuk ransomware targets businesses: report

A new BTC ransomware has emerged targeting businesses, threatening to delete files if the victims don’t pay up. Dubbed Ryuk campaign, there are suggestions the attacks could be linked to a North Korean hacker group known to rely on BTC ransom payments, due to similarities in the coding with an earlier ransomware, according to experts at security company Check Point.

Known as Hermes, the ransomware was linked to the Lazarus Group. If confirmed, Ryuk would become just the latest example of hackers from North Korea relying on BTC for extorting their victims.

In a recently published report, Check Point said the nascent attack has already secured as much as $640,000 from its victims, thought to the result of targeting companies and organizations with the budget to pay larger ransoms.

Once the ransomware infects the host system, an email is sent to the organization demanding immediate payment, and threatening an increase of 0.5 BTC in the ransom for every day the message goes unresponded.

In their email, the suspects would warn companies that their “business is at serious risk,” claiming, “There is a significant hole in the security of your company…You should thank the Lord for being hacked by serious people not some stupid schoolboys or dangerous punks… The final price depends on how fast you write to us. Every day of delay will cost you additional +0.5BTC…Nothing personal just business.”

Check Point, which first exposed the scam, said the attack was much more aggressive than previous generations of BTC ransomware.

“From the exploitation phase through to the encryption process and up to the ransom demand itself, the carefully operated Ryuk campaign is targeting enterprises that are capable of paying a lot of money in order to get back on track,” Check Point experts said.

As a result, the Check Point report concluded that more businesses would like be hit by Ryuk: “After succeeding with infecting and getting paid some $640,000, we believe that this is not the end of this campaign and that additional organizations are likely to fall victim to Ryuk.”

BTC ransomware attacks have been on the increase over the last few months, resulting in a growing number organisations and individuals being forced to give in to their demands. While Ryuk may be newer than other attacks, it looks to be shaping up as one of the most aggressive examples developed to date.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.