Ryuk
ransomware | 1 mutex signature
[BASIC_INFORMATION]
FAMILY_NAME:
Ryuk
CATEGORY:
RANSOMWARE
DESCRIPTION:
Ryuk is ransomware known for targeting large organizations and demanding rather large ransom payments to recover the encrypted files. The infection has been associated with emails that contain malicious attachments that first deliver Emotet, which is used to deliver modular payloads such as Ryuk. Ryuk encrypts a user's files using the AES-256 and RSA-2048 encryption algorithms.
ALIASES:
Ransom.Ryuk
TAGS:
file_encryption, targeted_attack, emotet
[MUTEX_SIGNATURES] (1)
[MUTEX_01]
rykmutex
ANALYST: @adhikara13 DATE: 2023-06-09
[THREAT_INTELLIGENCE]
ATTRIBUTION:
Wizard Spider
FIRST_OBSERVED:
2018
[STATISTICS]
MUTEX_COUNT:1
THREAT_ACTORS:1
ALIASES:1
TAGS:3
CATEGORY:RANSOMWARE