- CREATED 10 HOURS AGO by AlienVault
- Public
- TLP: White
Ryuk ransomware, which encrypts files and demands payment in Bitcoin for the release of the keys used to decrypt them, is now targeting web servers, according to a report published by McAfee.
REFERENCE: https://www.mcafee.com/enterprise/en-us/assets/reports/rp-ryuk-ransomware-targeting-webservers.pdf
TAGS: ryuk, ransomware
MALWARE FAMILY: Ryuk
ATT&CK IDS: T1134 – Access Token Manipulation, T1059.003 – Windows Command Shell, T1471 – Data Encrypted for Impact, T1083 – File and Directory Discovery, T1222.001 – Windows File and Directory Permissions Modification, T1562.001 – Disable or Modify Tools, T1036 – Masquerading, T1106 – Native API, T1057 – Process Discovery, T1053.005 – Scheduled Task, T1489 – Service Stop, T1016 – System Network Configuration Discovery, T1205 – Traffic Signaling, T1078.002 – Domain Accounts, T1497.001 – System Checks, T1135 – Network Share Discovery, T1082 – System Information Discovery, T1021 – Remote Services, T1598.002 – Spearphishing Attachment