While conducting incident response in early 2021, the French National Cybersecurity Agency (ANSSI) identified a new “Ryuk” ransomware variant that has the capability to self-propagate across victim networks. The variant was specifically observed targeting Windows systems in ransomware campaigns at the beginning of the year (2021). This Ryuk variant can wake up powered-off systems and move through victim networks using scheduled tasks. This enables Ryuk to infect as many hosts as possible, further incentivizing a victim payout. If proven an effective tactic, other ransomware variants could develop similar “wormable” capabilities where those developers have the technical sophistication to do so.

Want these
Threat Intelligence reports sent straight to your inbox?
Subscribe below!
Most Recent Flipbooks
Main story: Attackers seize Microsoft zero-day for malware dissemination, espionage
Main story: Russian cyber attacks on Ukraine: Where’s the boom?
Main story: Karakurt Hacking Team moonlights as Conti side business
RaidForums takedown sends cybercriminals scrambling
Maverick extortionist group Lapsus$ goes after big tech
US executive order pushes for responsible cryptocurrency use
The Russia-Ukraine war has triggered a resurgence of hacktivism around the world
The US government has issued an alert about the Iran-linked "MuddyWater" advanced persistent threat group
Conti ransomware group aims to ascend with new tools, structure
US DoJ arrests shine light on ease and impact of cryptocurrency laundering