Smart ransomware that spreads between computers on the same network

Ransomware is one of the most dangerous threats in the computer world: a virus capable of locking a computer and demanding a ransom (usually in bitcoins) before the criminal unlocks the infected machine. Thousands of computers at institutions of various types, including hospitals, have been infected with ransomware in recent years, preventing access to information that was often critical to keeping the business running.

Until now, the infection affected a single computer on the network, and it was easy to isolate that machine so that the attacker could not infect others in the same company. But the threat is evolving.

A new version of the Ryuk ransomware may act as a worm to spread over infected networks. Ryuk is one of the best-known forms of ransomware; it has generated more than $100 million for the criminals who use it by crippling systems, and it is regularly updated to maintain its effectiveness. France's national cybersecurity agency has warned that the latest version of Ryuk is capable of self-replicating on a local network.

🇬🇧 The Ryuk Ransomware – CERT-FR

The ransomware can spread over the network using Wake-on-LAN, a feature that allows Windows computers to be turned on remotely by another machine on the same network. By spreading to all machines accessible on the network, Ryuk's attack can be much more damaging.
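As an added example (not from the original article or from CERT-FR), the sketch below shows how a defender could watch for this behaviour: it recognises Wake-on-LAN magic packets (six 0xFF bytes followed by the target MAC repeated 16 times) in UDP payloads and flags any host that wakes several distinct machines within a short window. The function names, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict

SYNC = b"\xff" * 6  # magic packets start with six 0xFF bytes

def parse_magic_packet(payload: bytes):
    """Return the target MAC if payload holds a WoL magic packet, else None."""
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        # The sync stream must be followed by the same MAC 16 times (96 bytes).
        if len(mac) == 6 and payload[start + 6:start + 102] == mac * 16:
            return mac.hex(":")
        start = payload.find(SYNC, start + 1)
    return None

def find_wol_sweeps(events, threshold=3, window=60.0):
    """events: (timestamp, src_ip, udp_payload) tuples.
    Return {src_ip: [macs]} for hosts waking >= threshold distinct MACs
    within `window` seconds (both limits are assumed; tune per network)."""
    hits = defaultdict(list)
    for ts, src, payload in sorted(events, key=lambda e: e[0]):
        mac = parse_magic_packet(payload)
        if mac:
            hits[src].append((ts, mac))
    alerts = {}
    for src, seen in hits.items():
        for i, (t0, _) in enumerate(seen):
            macs = {m for t, m in seen[i:] if t - t0 <= window}
            if len(macs) >= threshold:
                alerts[src] = sorted(macs)
                break
    return alerts

def magic_payload(mac_hex):  # helper that builds the constructed sample payloads
    return SYNC + bytes.fromhex(mac_hex) * 16

# Constructed sample traffic (not real capture data).
SAMPLE_EVENTS = [
    (0.0, "10.0.0.5", magic_payload("001122334401")),     # admin host, rare wake-ups
    (900.0, "10.0.0.5", magic_payload("001122334402")),
    (200.0, "10.0.0.77", magic_payload("001122334401")),  # workstation waking many peers
    (201.0, "10.0.0.77", b"\x00\x00" + magic_payload("001122334402") + b"secret"),
    (202.0, "10.0.0.77", magic_payload("001122334403")),
    (203.0, "10.0.0.77", magic_payload("001122334404")[:-1]),  # truncated, ignored
]

if __name__ == "__main__":
    print(find_wol_sweeps(SAMPLE_EVENTS))
```

A workstation that suddenly wakes many peers is unusual on most networks, where Wake-on-LAN traffic normally comes from a small set of management hosts.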

The agency's article warns that Ryuk remains particularly active and has attacked at least one hospital in recent months. Such institutions tend to give in to ransom demands because of the criticality of their systems (there are lives at stake), although nothing guarantees that making the payment will make the virus disappear or that it will not return a few days later.

Usually, the first infection is carried out by phishing, and once it succeeds, the ransomware can reproduce over the network without the victim noticing it.

In addition to having the latest security updates on the network, institutions must invest in training so that employees do not fall into the traps of hackers, since accessing a fake website to enter passwords is usually the first step of a computer security hell.
