Ryuk Ransomware Similarity Analysis
Primary Investigator:
Research Independant
Colin Cowie
Abstract
In August 2018 a new type of ransomware named “ryuk” infected several enterprises and encrypted their files for ransom. Unlikely traditional generic ransomware, ryuk disables security controls and is strategically deployed in targeted and well planned attacks. Over $4,000,000 was paid in ransom within the first six month of ryuk being discovered. There is currently no publicly known technique to decrypt files other than paying the ransom cost.
Initially ryuk was misattributed to North Korea but it’s now believed to be the efforts of various cybercrime organizations. There has been consistent development and increase in the number of ryuk samples spotted in the wild. This research aimed to track the developments and varieties in ryuk ransomware overtime. Using python, code similarity analysis was performed to clusters different ryuk variants.