Hackers behind Ryuk malware pocket over $3.7 million in bitcoin

Cybersecurity firms have banded higher to fight Ryuk—ransomware that has already netted the hackers behind it more than 705 bitcoins (approximately $3.7 million) in less than six months. Until recently, GRIM SPIDER, the group behind Ryuk, was believed to be from North Korea. However, CrowdStrike and McAfee suggest the malware originates from Russia.

Ryuk spreads through email phishing campaigns thanks to a Trojan called TrickBot. Large companies and government organisations are the main targets. The victims get their hard drives encrypted and locked until they pay the ransom, which depends on the size and value of the target.

“To date, the lowest observed ransom was for 1.7 BTC and the highest was for 99 BTC”, reported CrowdStrike. “With 52 known transactions spread across 37 BTC addresses (as of this writing), GRIM SPIDER has made 705.80 BTC, which has a current value of $3.7 million. With the recent decline in BTC to USD value, it is likely GRIM SPIDER has netted more.”