The Ryuk ransomware is most likely the creation of Russian financially-motivated cyber-criminals, and not North Korean state-sponsored hackers, according to reports published this week by four cyber-security firms –Crowdstrike, FireEye, Kryptos Logic, and McAfee. These companies published these reports this week after several news outlets incorrectly attributed a Ryuk ransomware infection at a major US news media group that took place over the Christmas holiday on North Korean hackers. However, evidence suggests that the ransomware was created by a criminal group that Crowdstrike calls Grim Spider, who appears to have bought a version of the Hermes ransomware from a hacking forum, and modified it to their own requirements into what now is known as the Ryuk ransomware. The confusion comes from the fact that North Korean state hackers deployed a version of the Hermes ransomware on the network of the Far Eastern International Bank (FEIB) in Taiwan after carrying out a hack in October 2017. Researchers believe North Korean hackers bought the same Hermes ransomware kit from hacking forums, like the Grim Spider group, and deployed it on the bank’s network as a distraction and to cover the tracks of their cyber-heist, and that there is no connection between the Pyongyang regime’s hackers and the Ryuk ransomware strain. On the contrary, CrowdStrike says Grim Spider (the Ryuk ransomware gang) appears to be a sub-division of a larger cyber-criminal operation that they have been tracking as Wizard Spider, which they say is responsible for creating the TrickBot banking trojan. Crowdstrike, Kryptos… [Read full story]
ZDNet is a business technology news website published by CBS Interactive, along with TechRepublic. The brand was founded on April 1, 1991, as a general interest technology portal from Ziff Davis and evolved into an enterprise IT-focused online publication owned by CNET Networks.