Ryuk, a ransomware threat that has been spreading online, has earned the hackers more than 705 bitcoin in five months, which has an estimated value of $3.7 million.
According to a report in The Next Web, a team of cybersecurity firms has tracked the ransomware, which uses email phishing to inject a Trojan dubbed TrickBot into thousands of computers. Hackers then choose the infected machines that they think are owned by a big company or government agency and deploy the ransomware. Ryuk encrypts all hard drives of the targets, requiring payment in bitcoin to unlock the data.
“To date, the lowest observed ransom was for 1.7 BTC and the highest was for 99 BTC,” wrote CrowdStrike, according to the report. “With 52 known transactions spread across 37 BTC addresses (as of this writing), GRIM SPIDER has made 705.80 BTC, which has a current value of $3.7 million (USD). With the recent decline in BTC to USD value, it is likely GRIM SPIDER has netted more.”
The report noted that during the new year, Ryuk was blamed for delaying a number of Tribune Publishing newspapers including the Los Angeles Times, The San Diego Union Tribune, The Wall Street Journal and The New York Times.
While 2019 just kicked off, security professionals are bracing for more ransomware this year. Robert Ackerman, Jr., founder and managing director of cybersecurity venture firm AllegisCyber and co-founder of DataTribe, a cybersecurity startup in Washington, D.C., warned in late December that companies should brace for a rise in breaches this year “as chronically improving malware will be deployed more aggressively on more fronts.” He said that two years after ransomware exploded on the scene, it is likely to see a pickup after a lull last year, as the hackers make more money off of their efforts. He pointed to an FBI estimate that total ransomware payments in the U.S. have exceeded $1 billion.