Submitted by irteam on Tue, 03/26/2019 - 08:47

Ryuk ransomware normally targets high-profile or targeted organizations. Ryuk shares the same code as the Hermes ransomware used by the North Korean APT known as the Lazarus Group. Normally, a system has already been infected with Emotet and/or TrickBot malware before Ryuk ransomware is installed. Admin privileges are required to run the Ryuk ransomware. Once a system is infected, a ransom note called “RyukReadMe.txt” appears. In addition, Ryuk can disable security measures and delete all backups. A ransom ranging from 15 BTC to 50 BTC is demanded for the encryption key. However, it is strongly recommended not to pay the ransom.

Affected Systems
All types of Windows systems

Encrypts all files
Personal files become inaccessible
Ransom note created on the desktop
Slow internet connection
Slows down PC performance
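
For responders scoping an incident, the ransom note named above can serve as a simple indicator. The following is an added example, not part of the original advisory: it sweeps a directory tree for files named RyukReadMe.txt and summarizes which directories contain one. The function names are illustrative, and treating the oldest note's modification time as the approximate start of encryption is an assumption.

```python
import os
import tempfile
from datetime import datetime, timezone

NOTE_NAME = "ryukreadme.txt"  # ransom note name from the advisory, lower-cased


def find_ransom_notes(root):
    """Walk root and return (path, mtime) for every file named like the note."""
    hits = []

    def skip_unreadable(err):
        # Unreadable directories are skipped instead of aborting the sweep.
        pass

    for dirpath, _dirs, files in os.walk(root, onerror=skip_unreadable):
        for name in files:
            if name.lower() == NOTE_NAME:  # Windows file names are case-insensitive
                path = os.path.join(dirpath, name)
                try:
                    hits.append((path, os.stat(path).st_mtime))
                except OSError:
                    continue  # file vanished or is locked
    return sorted(hits, key=lambda h: h[1])  # oldest note first


def summarize(hits):
    """Reduce hits to scope (directories) and an approximate start time."""
    if not hits:
        return {"note_count": 0, "directories": [], "earliest_utc": None}
    # Assumption: the oldest note's mtime approximates when encryption began.
    earliest = datetime.fromtimestamp(hits[0][1], tz=timezone.utc)
    return {
        "note_count": len(hits),
        "directories": sorted({os.path.dirname(p) for p, _ in hits}),
        "earliest_utc": earliest.isoformat(),
    }


if __name__ == "__main__":
    # Constructed sample tree so the script runs offline; during triage,
    # point find_ransom_notes() at a profile or file-share root instead.
    sample = (("Desktop", "RyukReadMe.txt"), ("Docs", "RYUKREADME.TXT"),
              ("Docs", "notes.txt"))
    with tempfile.TemporaryDirectory() as root:
        for sub, name in sample:
            os.makedirs(os.path.join(root, sub), exist_ok=True)
            with open(os.path.join(root, sub, name), "w") as fh:
                fh.write("constructed sample\n")
        print(summarize(find_ransom_notes(root)))
```
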

•    Always have a backup stored in an isolated network environment to successfully recover a compromised system.
•    Patching and updating software is an essential preventative measure for keeping machines up to date and safe from threats.
•    Download reputable anti-malware software and perform a full system scan in Safe Mode with Networking.
•    It is strongly recommended not to pay the ransom.
•    Maintain good cyber hygiene and safe practices.