Hidden Dangers of Ryuk Ransomware

Ransomware is a type of malware whereby a victim is tricked into downloading a malicious program on their Windows computer; the program encrypts most of their files and then demands a ransom payment in exchange for the key to unlock and restore the files. In the past two years, more than one million Windows computers were subjected to ransomware attacks, costing their victims more than ten billion dollars. These attacks have been mainly from the WannaCry and NotPetya ransomware.

However, in the past year, ransomware has evolved into a new and much more powerful strain, called Ryuk. Ryuk not only encrypts or scrambles all of your important files, it also silently spreads to all of the computers in your network and can spend up to a year stealing all of your passwords and infecting all of your backup files before locking up all of the computers in your network. Ryuk carefully chooses its victims based on their ability to pay. Ryuk prefers cities, colleges and school districts. Ryuk charged a city in Florida $600,000 to get its computers back. More recently, a college in New York was asked to pay a ransom of $1.4 million to get its computers back. Local government agencies, schools and colleges have been forced to spend millions of additional dollars trying to rebuild their computer networks after being attacked by Ryuk. Worst of all, the advice being given to Ryuk victims thus far by so-called “computer security experts” has been completely wrong.

In this report, we will expose the hidden dangers of Ryuk ransomware. We begin by briefly reviewing the connection between these new forms of ransomware and NSA cyber weapons. We then outline the history of Ryuk and its companion cyber weapons, called Emotet, Trickbot and Xbot, which work together in a carefully planned attack. Then we discuss the new dangers of Mega Cortex and explain how to truly recover from an attack and protect yourself from future attacks. Finally, we explain how schools and colleges that are victims of these ransomware attacks can fight back and help us move towards a world that eliminates these cyber weapons altogether. If you know someone who works for a school, college or local government that uses a Windows computer network, please share this important article with them.

 

This report is divided into the following 10 sections:

I. Introduction to Ryuk Ransomware

II. History of NSA Based Cyber Weapons

III. History of Emotet

IV. History of Trickbot

V. History of Xbot

VI. History of Ryuk

VII. How Emotet, Trickbot, Ryuk and Xbot Work

VIII. Mega Cortex… Ransomware with a Kill Switch

IX. How to Recover & Protect Yourself from Future Attacks

X. How Schools & Colleges Can Stop Future Cyber Attacks

[Diagram: how Ryuk ransomware works]