According to researchers at the French National Agency for the Security of Information Systems (ANSSI), the Ryuk ransomware has been updated to include worm-like self-propagation within a local network. The ransomware strain evolves often, but the newest addition to the destructive tool allows it to spread to every reachable machine on the local network in the victim’s IT infrastructure. The variant first emerged in Windows campaigns earlier this year, according to ANSSI.
ANSSI stated that, as part of its new arsenal, the ransomware is now also capable of self-replication through SMB shares and of port scanning. The ransomware scans for network shares and then copies a unique version of the ransomware executable for each machine found. The new version also reads the Address Resolution Protocol (ARP) tables on infected devices and uses this information to send code that wakes up powered-off computers.
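For defenders, the SMB propagation described above shows up as one workstation opening TCP/445 connections to many different internal hosts in a short time. The following detection sketch is an added example, not code from ANSSI or the original article; the flow-record format, the 60-second window, the threshold of five peers and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

# Constructed sample flow records: timestamp, source, destination, dest port.
SAMPLE_FLOWS = """\
2021-03-01T10:00:00 10.0.0.5 10.0.0.10 445
2021-03-01T10:00:02 10.0.0.5 10.0.0.11 445
2021-03-01T10:00:03 10.0.0.7 10.0.0.2 445
2021-03-01T10:00:04 10.0.0.5 10.0.0.12 445
2021-03-01T10:00:06 10.0.0.5 10.0.0.13 445
2021-03-01T10:00:08 10.0.0.5 10.0.0.14 445
2021-03-01T10:00:09 10.0.0.7 10.0.0.2 445
2021-03-01T10:05:00 10.0.0.8 10.0.0.20 445
2021-03-01T10:10:00 10.0.0.8 10.0.0.21 445
truncated-record 10.0.0.9
"""

def parse_flows(text):
    """Yield (time, src, dst, port) tuples, skipping malformed records."""
    for line in text.splitlines():
        try:
            ts, src, dst, port = line.split()
            yield (datetime.fromisoformat(ts), ipaddress.ip_address(src),
                   ipaddress.ip_address(dst), int(port))
        except ValueError:
            continue

def smb_fanout_alerts(flows, window_s=60, threshold=5):
    """Map each source to the time it first reached `threshold` distinct
    private peers on TCP/445 inside one sliding window (assumed defaults)."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)          # source -> (time, destination) pairs
    alerts = {}
    for ts, src, dst, port in sorted(flows, key=lambda f: f[0]):
        if port != 445 or not dst.is_private or str(src) in alerts:
            continue
        seen = recent[src]
        seen.append((ts, dst))
        while ts - seen[0][0] > window:  # drop pairs older than the window
            seen.popleft()
        if len({d for _, d in seen}) >= threshold:
            alerts[str(src)] = ts.isoformat()
    return alerts

if __name__ == "__main__":
    for host, when in smb_fanout_alerts(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{when} SMB fan-out from {host}: isolate and investigate")
```

File servers and management hosts legitimately talk SMB to many peers, so in practice the threshold is tuned per network segment and known servers are excluded.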