|
gptkbp:instanceOf
|
cybercrime
|
|
gptkbp:alsoKnownAs
|
gptkb:Ryuk
|
|
gptkbp:associatedWith
|
gptkb:Emotet_malware
gptkb:TrickBot_malware
|
|
gptkbp:connectsTo
|
gptkb:GRIM_SPIDER
gptkb:HERMES_ransomware
gptkb:WIZARD_SPIDER
gptkb:Conti_ransomware_group
|
|
gptkbp:estimatedProfits
|
over $150 million
|
|
gptkbp:firstAppearance
|
2018
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Ryuk ransomware group
|
|
gptkbp:infrastructure
|
uses botnets
uses compromised email accounts
uses exploit kits
uses phishing campaigns
|
|
gptkbp:notableBattle
|
gptkb:attack_on_Tribune_Publishing_(2018)
gptkb:attack_on_Universal_Health_Services_(2020)
|
|
gptkbp:notableFor
|
demanding high ransom payments
targeting large organizations
|
|
gptkbp:operates
|
ransomware-as-a-service
|
|
gptkbp:origin
|
suspected Russia
|
|
gptkbp:ransomNoteExtension
|
.RYK
.RYUK
|
|
gptkbp:ransomwareType
|
crypto-ransomware
|
|
gptkbp:requires
|
Bitcoin payments
|
|
gptkbp:status
|
active (as of 2021)
|
|
gptkbp:target
|
gptkb:Asia
gptkb:Europe
gptkb:North_America
gptkb:government_agency
private companies
healthcare sector
|
|
gptkbp:uses
|
gptkb:Cobalt_Strike
gptkb:Mimikatz
PowerShell scripts
encryption to lock files
manual lateral movement
remote desktop protocol (RDP) brute force
|
|
gptkbp:bfsParent
|
gptkb:Trickbot
|
|
gptkbp:bfsLayer
|
6
|