French version: 🇫🇷


First observed in August 2018, the Ryuk ransomware has since been used in Big Game Hunting operations. It is characterized by the use of different infection chains and the extreme speed of the Bazar-Ryuk chain, as well as the absence of a dedicated leak site. A Ryuk variant with worm-like capabilities, allowing it to spread automatically over the local network, was recently discovered during incident response. Please see Appendices of the report for additional information on this variant and how to contain its propagation.

This updated report provides a synthesis of ANSSI’s knowledge on Ryuk.

Indicators of compromise are available in structured formats on the page CERTFR-2020-IOC-005.