FBI Alert TLP White: Indicators of Compromise Associated with Ryuk Ransomware

May 2, 2019

Unknown cybercriminals have targeted more than 100 US and international businesses with Ryuk ransomware since approximately August 2018. Ryuk encrypts files on network shares and an infected computer’s filesystem. Once the victim has been compromised, the actors encrypt all the network’s files and demand sums of up to $5 million worth of Bitcoin (BTC) in exchange for a decryptor program. Ryuk’s targets are varied and indiscriminate, but attacks focus on organizations with high annual revenues in hopes of extracting larger ransoms from the victims. While Ryuk is generally undiscerning about victims, attacks have had a disproportionate impact on logistics companies, technology companies, and small municipalities.

Key Resources

Related Resources

Advisory
HHS Issues Alert on Critical Vulnerability in ‘MOVEit,’ File Transfer Platform Used by Health Care Sector
Public
Special Bulletin
AHA Helps Secure New Cybersecurity Resources from Microsoft and Google to Assist Rural Hospitals
Public
Advancing Health Podcast
How to Survive a Cyberattack with Scripps Health: Part Two
Public
Special Bulletin
HHS Authorizes UnitedHealth Group to Make Breach Notifications on Behalf of Providers
Member
Advancing Health Podcast
How to Survive a Cyberattack with Scripps Health: Part One
Public
Advisory
Agencies Issue Advisory as Ransomware Group Accelerates Attacks on Health Care Sector
Public