Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook

[-]
Tags
offline wake ryuk encrypt ransomware lan uses devices

Mohammad.PooryaRyuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices
#1
Quote:The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them.

Wake-on-Lan is a hardware feature that allows a powered down device to be woken up, or powered on, by sending a special network packet to it. This is useful for administrators who may need to push out updates to a computer or perform scheduled tasks when it is powered down.

According to a recent analysis of the Ryuk Ransomware by SentinelLab's Vitali Kremez, when the malware is executed it will spawn subprocesses with the argument '8 LAN'.

[Image: Ryuk.png]


[Image: timigate-readmore.gif]
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Update Sodinokibi ransomware can now encrypt open guardian 0 257 05-11-2020 , 03:37 AM
Last Post: guardian
  Ryuk ransomware gang probably Russian, not North Korean Mohammad.Poorya 0 642 01-11-2019 , 08:06 PM
Last Post: Mohammad.Poorya
  Ryuk ransomware attacks businesses over the holidays Mohammad.Poorya 0 631 01-09-2019 , 06:01 AM
Last Post: Mohammad.Poorya
  After SamSam, Ryuk Shows Targeted Ransomware is Still Evolving Mohammad.Poorya 0 585 12-19-2018 , 01:09 PM
Last Post: Mohammad.Poorya
  Ryuk Ransomware extension .RYK!Demonstration of attack video review. Mohammad.Poorya 0 503 12-06-2018 , 03:57 AM
Last Post: Mohammad.Poorya

Forum Jump:


Users browsing this thread: 1 Guest(s)