Ryuk cryptovirus found and studied in China

The Ryuk cryptovirus has made its way to China according to Tencent Yujian Threat Intelligence Center, though the security research agency has not commented on the rate of infection. Tencent Yujian Threat Intelligence Center has advised Chinese businesses and government facilities to take such precautions such as deleting emails from unknown entities, disabling macros support on PCs, closing un-needed ports in firewalls, and performing regular systems backups.

The Tencent Yujian Threat Intelligence Center had been able to capture the virus operating in real-time on an x86 based system. After encryption had begun, researchers located a text file named Readme.txt which contained only two email addresses and the name of the virus. After attempting to communicate via those email addresses, researchers received a ransom demand of 11 Bitcoins.

The Ryuk ransomware virus has slowly made its way through businesses and government facilities globally. There have been recent high-profile attacks in the United States against local government facilities in both Florida and Indiana. One such attack led to the termination of one CIO. Some of those agencies suffered severe financial losses, downtime, and complete loss of local IT systems.

The Ryuk virus is named after a fictional manga character from a series called Death Note. In this series, the character Ryuk is a demon who kills persons where their names have been written in a special notebook. This could suggest that the Ryuk ransomware virus may be a weaponized virus for hire. 

Ryuk appears to be a derivative of the Hermes virus. Tencent Yujian Threat Intelligence Center has noted that this cryptovirus targets sensitive files like databases and Veem backups amongst more traditional file types. Originally thought to be a product of North Korea, security research firm Mcafee and Crowdstrike have suggested that a group within Russia called GRIM Spider could be the source.

Whether Ryuk will impact Chinese government agencies and business heavily is yet to be seen. Unlike the United States, the Chinese government does not depend on Microsoft products which Ryuk seems to target. In 2014 the Chinese government started a program to move all Chinese government servers and PCs from the Microsoft Windows OS to a custom Chinese rolled Linux distribution by 2020. At the time, Chinese officials estimated that 10-15% of systems would be migrated per year, and we are now six months away from that 2020 deadline.