What is Ryuk Ransomware?
Ryuk is a common and dangerous strain of crypto-ransomware that uses encryption to block access to a system, device or file until a ransom has been paid to the attacker. Ryuk ransomware attacks have been attributed to a cybercriminal group known as CryptoTech. During its encryption process, Ryuk specifically targets backups, which makes recovery from a Ryuk attack especially difficult. Systems are typically infected with Ryuk either by other malware variants such as TrickBot or Emotet, or by an attacker gaining access to a system via Remote Desktop Services. Ryuk is typically the last piece of malware dropped in an infection cycle. Ryuk is distinct from Hermes ransomware but is derived from the Hermes source code. After Ryuk has hijacked the system, the ransom note is written to a file named RyukReadMe.txt. The body of the note template is static with the exception of the email address and the Bitcoin (BTC) wallet address.
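For incident triage, the fixed file name and the two variable fields described above allow a simple sweep. The added example below (not code from the original page) walks a directory tree for RyukReadMe.txt and groups note paths by the email and BTC address found in each. The note text, both indicator values, the address formats matched and the function names are constructed assumptions.

```python
import os
import re
import tempfile
from collections import defaultdict

NOTE_NAME = "ryukreadme.txt"  # file name given on this page, compared case-insensitively
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumption: wallets appear as legacy Base58 (1.../3...) or bech32 (bc1...) addresses.
BTC_RE = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b")

# Constructed sample note: NOT the real template; both indicators are made up.
SAMPLE_NOTE = (
    "Your files are encrypted.\n"
    "Write to: contact@example.invalid\n"
    "BTC wallet: 1ExampLeConstructedWaLLetAddr2345x\n"
)

def triage_ryuk_notes(root):
    """Return ({indicator: [note paths]}, [unreadable paths]) for notes under root."""
    indicators, unreadable = defaultdict(list), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != NOTE_NAME:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read(64 * 1024)  # notes are small; cap the read
            except OSError:
                unreadable.append(path)  # report it rather than silently skipping
                continue
            for value in set(EMAIL_RE.findall(text)) | set(BTC_RE.findall(text)):
                indicators[value].append(path)
    return dict(indicators), unreadable

def build_constructed_tree(root):
    """Drop the constructed note into two folders, as a stand-in for an affected share."""
    for sub in ("finance", os.path.join("hr", "archive")):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        with open(os.path.join(root, sub, "RyukReadMe.txt"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_NOTE)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        found, errors = triage_ryuk_notes(tmp)
        for value, paths in sorted(found.items()):
            print(f"{value}: seen in {len(paths)} note(s)")
        print(f"unreadable notes: {len(errors)}")
```

Grouping by indicator shows at a glance whether every note on a host or share carries the same contact address and wallet, which is what a single static template would produce.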
The most effective way to safeguard your email against ransomware and other malicious attacks is to ensure that a multi-layered cloud email security solution is in place, one that uses real-time URL scanning and broad-type file analysis to prevent ransomware emails from reaching the inbox.