Our UK partners have share an important report on Ryuk Malware.
Ryuk was first seen in August 2018 and has been responsible for multiple attacks globally. Ryuk is a targeted ransomware where demands are set according to the victim’s perceived ability to pay.
The Ryuk ransomware is often not observed until a period of time after the initial infection – ranging from days to months – which allows the actor time to carry out reconnaissance inside an infected network, identifying and targeting critical network systems and therefore maximising the impact of the attack.1 But it may also offer the potential to mitigate against a ransomware attack before it occurs, if the initial infection is detected and remedied. Links to other malware - Ryuk ransomware has been linked to other malware families, in particular the Emotet and Trickbot banking trojans, although it could also be dropped by other malware.
Link to full NCSC Report - Advisory: Ryuk ransomware targeting organizations globally: RYUK Advisory draft CP June 2019.pdf