01-14-2020 , 11:28 AM
Quote:The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them.
Wake-on-Lan is a hardware feature that allows a powered down device to be woken up, or powered on, by sending a special network packet to it. This is useful for administrators who may need to push out updates to a computer or perform scheduled tasks when it is powered down.
According to a recent analysis of the Ryuk Ransomware by SentinelLab's Vitali Kremez, when the malware is executed it will spawn subprocesses with the argument '8 LAN'.
![[Image: Ryuk.png]](https://www.bleepstatic.com/content/hl-images/2018/08/21/Ryuk.png)
![[Image: timigate-readmore.gif]](https://4.bp.blogspot.com/-uNCqlyKYoZ0/Waaqv6PcBkI/AAAAAAAABhM/SdZNJPiv_dEpDVutSS_UQgmYLyI5oFthwCLcBGAs/s1600/timigate-readmore.gif)