CyberNews Briefs

Ryuk Ransomware now has Worming Self-Propagation

According to researchers at the French National Agency for the Security of Information Systems (ANSSI), the Ryuk ransomware has updated to include worming self-propagation within a local network. The ransomware strain often evolves, however, the newest addition to the destructive tool allows it to spread itself on every reachable machine within the local network within the victim’s IT infrastructure. The variant first emerged in Windows campaigns earlier this year, according to ANSSI.

The ANSSI stated that the ransomware is also now capable of self-replication through SMB shares and port scanning as part of the new arsenal. The ransomware scans for network shares and then copies a unique version of the ransomware executable for each machine found. The new version also reads through Address Resolution Protocol tables on infected devices, using this information to send code that wakes up powered-off computers.

Read More: Ryuk Ransomware now has Worming Self-Propagation

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.