Ryuk: the new ransomware giant - IronTree

For COVID-19 updates, visit official government website www.sacoronavirus.co.za

Ryuk: the new ransomware giant

Organisations around the world have been hit by a new piece of ransomware known as Ryuk, which has been encrypting PCs, storage centres and data centres in what’s showing itself to be a carefully planned campaign.

Some organisations have paid an exceptionally high ransom to retrieve their files, and the total gain of the attackers has reached more than R9-million so far.

A leading cyber threat intelligence provider, say their analysis of Ryuk’s ransomware code shows a marked similarity to that of HERMES, which has done extensive damage itself: “[We] believe that the current wave of targeted attacks using Ryuk may either be the work of the HERMES operators, the allegedly North Korean group, or the work of an actor who has obtained the HERMES source code.”

Researchers also note that the Ryuk campaign seems to be targeting organisations that are capable of paying a lot of money to get themselves back up and running.


We are taking all necessary precautions around the COVID-19 situation. Our offices are closed and our team members have each been set up to work remotely in self-isolation at home. As far as possible IronTree will maintain business as usual. All our resources such as server platforms, transactional capacity, telephony and electronic communications, including video meeting facilities, have been configured in the cloud and are 100% operational. Please feel free to contact us if you require our assistance. Stay safe!
One of our team members will be happy to help answer any questions you have!
Just click the chat icon in the right-hand corner.