
Ryuk-related Malware Steals Confidential Financial, Military Files

10 - 17 September 2019


A new stealer malware that shares code similarities with the Ryuk ransomware scans infected systems for confidential files instead of encrypting them and demanding a ransom from the victim. The malware is probably being installed manually or dropped as a package after an initial compromise. When executed, it scans the file system for Word and Excel documents and compares them against a list of financial, military and government-related strings. This is likely intended to identify potentially sensitive or confidential files that are worth stealing. Currently, the exact connection between the stealer malware and the Ryuk ransomware cannot be determined.

 
