Ryuk ransomware group

GPTKB entity

Statements (40)
Predicate Object
gptkbp:instanceOf cybercrime
gptkbp:alsoKnownAs gptkb:Ryuk
gptkbp:associatedWith gptkb:Emotet_malware
gptkbp:associatedWith gptkb:TrickBot_malware
gptkbp:connectsTo gptkb:GRIM_SPIDER
gptkbp:connectsTo gptkb:HERMES_ransomware
gptkbp:connectsTo gptkb:WIZARD_SPIDER
gptkbp:connectsTo gptkb:Conti_ransomware_group
gptkbp:estimatedProfits over $150 million
gptkbp:firstAppearance 2018
https://www.w3.org/2000/01/rdf-schema#label Ryuk ransomware group
gptkbp:infrastructure uses botnets
gptkbp:infrastructure uses compromised email accounts
gptkbp:infrastructure uses exploit kits
gptkbp:infrastructure uses phishing campaigns
gptkbp:notableBattle gptkb:attack_on_Tribune_Publishing_(2018)
gptkbp:notableBattle gptkb:attack_on_Universal_Health_Services_(2020)
gptkbp:notableFor demanding high ransom payments
gptkbp:notableFor targeting large organizations
gptkbp:operates ransomware-as-a-service
gptkbp:origin suspected Russia
gptkbp:ransomNoteExtension .RYK
gptkbp:ransomNoteExtension .RYUK
gptkbp:ransomwareType crypto-ransomware
gptkbp:requires Bitcoin payments
gptkbp:status active (as of 2021)
gptkbp:target gptkb:Asia
gptkbp:target gptkb:Europe
gptkbp:target gptkb:North_America
gptkbp:target gptkb:government_agency
gptkbp:target private companies
gptkbp:target healthcare sector
gptkbp:uses gptkb:Cobalt_Strike
gptkbp:uses gptkb:Mimikatz
gptkbp:uses PowerShell scripts
gptkbp:uses encryption to lock files
gptkbp:uses manual lateral movement
gptkbp:uses remote desktop protocol (RDP) brute force
gptkbp:bfsParent gptkb:Trickbot
gptkbp:bfsLayer 6