Ryuk-related Malware Steals Confidential Financial, Military Files
A new stealer malware that shares code similarities with the Ryuk ransomware is scanning infected systems for confidential files instead of encrypting them and demanding a ransom from the victim. The malware is probably being installed manually or dropped as a package after an initial compromise. When executed, the malware scans the file system for Word and Excel documents and compares them against a list of financial, military and government-related strings. This is likely done to identify potentially sensitive or confidential files that are worth stealing. Currently, the exact connection between the stealer malware and the Ryuk ransomware cannot be determined.