Wednesday, April 23, 2025
HomeMalwareNCSC Issued an Emergency Alert for Ryuk Ransomware that Actively Attacks on...

NCSC Issued an Emergency Alert for Ryuk Ransomware that Actively Attacks on Global Organizations

Published on

SIEM as a Service

Follow Us on Google News

National Cyber Security Centre (NCSC) from the UK issued an alert for Ryuk ransomware attack that is actively targeting global organization associated with Emotet and TrickBot malware.

Researcher uncovered this ongoing Ryuk ransomware infection identified in the various organization network along with Emotet and TrickBot infection.

Ryuk Ransomware initially uncovered in August 2018 since then it infects and compromise various organization and steals millions of dollars from affected victims.

- Advertisement - Google News

Emotet is one of the notorious malware family that infects various victims around the world and is used as a dropper for initial stage infection by other Trojans.

Trickbot is a banking malware which steals login credentials from applications. Since it was discovered long back ago, the threat actors continuously adding new capabilities to the malware.

Ryuk Ransomware using TrickBot and Emotet malware in its attack chain targeting large organizations for a high-ransom return and the Ryuk believed to be operated by GRIM SPIDER, a sophisticated hacking group.

Ryuk Ransomware infection Functionality

Ryuk ransomware using Emotet for the initial stage of infection and check the victim’s machine, whether it vulnerable to infection or not.

At the same time, Trickbot subsequently deploys additional post-exploitation tools to enable their operations, including powerful
Mimikatz and PowerShell Empire modules.

Post exploitation modules are used for credential harvesting, remotely monitoring of the victim’s workstation to infect a further system in the same network.

Machines infected with Emotet periodically check for modules from a command and control server (C2). These modules are typically DLLs or EXEs which are loaded on an infected system for extending capabilities.

All the non-executable file will be encrypted at the end of the infection process and displaying the ransomware notes with the demand of ransom amount in bitcoin.

“Ryuk is a persistent infection. The malware’s installer will attempt to stop certain antimalware software and install the appropriate version of Ryuk depending on a system’s architecture.”

According to NCSC, The Ryuk ransomware itself does not contain the ability to move laterally within a network, hence the reliance on access via a primary infection, but it does, however, have the ability to enumerate network shares and encrypt those it can access. This, coupled with the ransomware’s use of anti-forensic recovery, a technique to make recovering from backups difficult.

You can read more about the indicators of compromise and NCSC advisory Notes Here.

Read: Ransomware Attack Response and Mitigation Checklist

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

Massive Ryuk Ransomware Attack on Entire Computers of Jackson County, Georgia – $400,000 Ransom Paid

A Scary Evolution & Alliance of TrickBot, Emotet and Ryuk Ransomware Attack

Ryuk Ransomware Attack on various Enterprise Network Around the World & Earned $640,000

FIN6 Hackers Group Targeting Enterprise Network to Deploy LockerGoga and Ryuk Ransomware

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hackers Exploit Cloudflare Tunnel Infrastructure to Deploy Multiple Remote Access Trojans

The Sekoia TDR (Threat Detection & Research) team has reported on a sophisticated network...

Threat Actors Leverage npm and PyPI with Impersonated Dev Tools for Credential Theft

The Socket Threat Research Team has unearthed a trio of malicious packages, two hosted...

Hackers Exploit Legitimate Microsoft Utility to Deliver Malicious DLL Payload

Hackers are now exploiting a legitimate Microsoft utility, mavinject.exe, to inject malicious DLLs into...

Cybercriminals Exploit Network Edge Devices to Infiltrate SMBs

Small and midsized businesses (SMBs) continue to be prime targets for cybercriminals, with network...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Latest Lumma InfoStealer Variant Found Using Code Flow Obfuscation

Researchers have uncovered a sophisticated new variant of the notorious Lumma InfoStealer malware, employing...

North Korean IT Workers Use Real-Time Deepfakes to Infiltrate Organizations Through Remote Jobs

A division of Palo Alto Networks, have revealed a sophisticated scheme by North Korean...

Akira Ransomware Launches New Cyberattacks Using Stolen Credentials and Public Tools

The Akira ransomware group has intensified its operations, targeting over 350 organizations and claiming...