Ryuk ransomware gang probably Russian, not North Korean

silversurfer

The Ryuk ransomware is most likely the creation of Russian financially-motivated cyber-criminals, and not North Korean state-sponsored hackers, according to reports published this week by four cyber-security firms: Crowdstrike, FireEye, Kryptos Logic, and McAfee.

These companies published these reports this week after several news outlets incorrectly attributed a Ryuk ransomware infection at a major US news media group that took place over the Christmas holiday to North Korean hackers.

However, evidence suggests that the ransomware was created by a criminal group that Crowdstrike calls Grim Spider, who appears to have bought a version of the Hermes ransomware from a hacking forum, and modified it to their own requirements into what now is known as the Ryuk ransomware.

The confusion comes from the fact that North Korean state hackers deployed a version of the Hermes ransomware on the network of the Far Eastern International Bank (FEIB) in Taiwan after carrying out a hack in October 2017.

Researchers believe North Korean hackers bought the same Hermes ransomware kit from hacking forums, like the Grim Spider group, and deployed it on the bank's network as a distraction and to cover the tracks of their cyber-heist, and that there is no connection between the Pyongyang regime's hackers and the Ryuk ransomware strain.
 
