Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices
#1
Quote:The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them.

Wake-on-Lan is a hardware feature that allows a powered down device to be woken up, or powered on, by sending a special network packet to it. This is useful for administrators who may need to push out updates to a computer or perform scheduled tasks when it is powered down.

According to a recent analysis of the Ryuk Ransomware by SentinelLab's Vitali Kremez, when the malware is executed it will spawn subprocesses with the argument '8 LAN'.

[Image: Ryuk.png]


[Image: timigate-readmore.gif]
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  QNAP warns of new Checkmate ransomware targeting NAS devices mrtrout 0 756 07-07-2022 , 11:13 PM
Last Post: mrtrout
  Ryuk ransomware hits 700 Spanish government labor agency offices mrtrout 0 1,263 03-10-2021 , 07:38 PM
Last Post: mrtrout
  Ryuk ransomware now self-spreads to other Windows LAN devices mrtrout 0 1,014 02-26-2021 , 09:40 PM
Last Post: mrtrout
  Italian beverage vendor Campari knocked offline after ransomware attack mrtrout 0 1,172 11-06-2020 , 02:42 AM
Last Post: mrtrout
  Update Sodinokibi ransomware can now encrypt open guardian 0 1,387 05-11-2020 , 03:37 AM
Last Post: guardian



Users browsing this thread: 2 Guest(s)