Hackers behind Ryuk malware pocket over $3.7 million in bitcoin

Security • January 14, 2019, 4:23PM EST

Cybersecurity firms have banded higher to fight Ryuk—ransomware that has already netted the hackers behind it more than 705 bitcoins (approximately $3.7 million) in less than six months. Until recently, GRIM SPIDER, the group behind Ryuk, was believed to be from North Korea. However, CrowdStrike and McAfee suggest the malware originates from Russia.

Ryuk spreads through email phishing campaigns thanks to a Trojan called TrickBot. Large companies and government organisations are the main targets. The victims get their hard drives encrypted and locked until they pay the ransom, which depends on the size and value of the target.

“To date, the lowest observed ransom was for 1.7 BTC and the highest was for 99 BTC”, reported CrowdStrike. “With 52 known transactions spread across 37 BTC addresses (as of this writing), GRIM SPIDER has made 705.80 BTC, which has a current value of $3.7 million. With the recent decline in BTC to USD value, it is likely GRIM SPIDER has netted more.”

More by Carol Gaszcz

Scammers send emails impersonating FCA, offering 'guaranteed' cryptocurrency investment opportunity

July 23, 2019, 12:31PM EDT

Bitcoin

49% of Americans have a cash-back credit card, survey shows

July 23, 2019, 11:20AM EDT

The Block

ARK Invest and 21 Shares cut staking component from latest spot Ethereum ETF filing

Mark Cuban slams SEC's Gary Gensler, says 'crypto voters will be heard' in the 2024 election

Court should deny Coinbase's appeal, SEC says

Colombian President allegedly accepted $500,000 in illicit crypto donation for 2022 campaign

DOJ taps FRA over Sullivan & Cromwell for Binance's 3-year monitorship: report

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro