French authorities discover self-distributed variant Ryuk ransomware

Spread the love

The French cybersecurity agency Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI) has discovered a new variant of the Ryuk ransomware. The new variant can spread itself to Windows machines on a local network.

The new variant was discovered early this year by ANSSI during an investigation into a ransomware attack, Bleeping Computer reports. According to the French agency, the malware can send itself to other Windows machines within the same network, using RPC.

To do this, the malware checks IP addresses in the local ARP cache and then sends a WOL packet to the Windows machines it finds. When successful, the ransomware proceeds to encrypt data. The spread can be stopped, according to ANSSI, by changing the password of the infected account or deleting the user.

The Ryuk ransomware first surfaced in August 2018 and several variants have surfaced since then. According to Bleeping Computer, one in three ransomware infections is Ryuk ransomware. Never before has the malware spread itself to other machines in this way.

You might also like
Exit mobile version