Research by CrowdStrike and FireEye sheds light on the success and modus operandi of Grim Spider, the threat group behind Ryuk ransomware. Over the last six months, Grim Spider has only gone after enterprises, a strategy that seems to be paying off, since the threat actors have already earned about $3,7 million from ransomware payments.
Researches have noticed that Grim Spider only targets enterprises whose systems have been infected with the TrickBot Trojan. Surprisingly, the threat actors wait multiple months after a TrickBot infection before they hit a company with a Ryuk attack.
Read more: https://www.helpnetsecurity.com/2019/01/15/enterprise-ryuk-ransomware/