2019 Symposium Posters

Posters > 2019

Ryuk Ransomware Similarity Analysis


Primary Investigator:
Research Independant

Project Members
Colin Cowie
In August 2018 a new type of ransomware named “ryuk” infected several enterprises and encrypted their files for ransom. Unlikely traditional generic ransomware, ryuk disables security controls and is strategically deployed in targeted and well planned attacks. Over $4,000,000 was paid in ransom within the first six month of ryuk being discovered. There is currently no publicly known technique to decrypt files other than paying the ransom cost. Initially ryuk was misattributed to North Korea but it’s now believed to be the efforts of various cybercrime organizations. There has been consistent development and increase in the number of ryuk samples spotted in the wild. This research aimed to track the developments and varieties in ryuk ransomware overtime. Using python, code similarity analysis was performed to clusters different ryuk variants.