"Ryuk Ransomware Updated With 'Worm-Like Capabilities'"

A report recently released by CERT-FR, the French government's computer emergency readiness team, recently issued a report about a new Ryuk ransomware variant with worm-like capabilities that allow it to spread automatically within the networks it infects. According to CERT-FR, Ryuk now propagates itself from machine to machine within the Windows domain by using scheduled tasks. After the ransomware is launched, it spreads itself on every reachable machine on which Windows Remote Procedure Call (RPC) access is possible. The RPC service supports communication between Windows processes. The addition of worm-like capabilities to Ryuk ransomware indicates that its operators are attempting to improve the automation of their ability to rapidly spread malware from one infected system to multiple systems across a network in order to reduce the "intrusion to infection" time. This article continues to discuss the update of Ryuk ransomware with worm-like capabilities, as well as the history, prevalence, distribution, and human operation of Ryuk.

BankInfoSecurity reports "Ryuk Ransomware Updated With 'Worm-Like Capabilities'"