
A ransomware virus that has affected more than 100 government and private enterprises in the U.S. and internationally has been detected in China, according to a recent Tencent Security report.

Dubbed Ryuk, this pernicious code targets “logistics companies, technology companies and small municipalities” with high data value. Its operators have demanded ransoms upward of $5 million paid in bitcoin, according to the Federal Bureau of Investigation (FBI). Ryuk was blamed for the hack of Tribune Publishing in January, which affected all of the media conglomerate’s outlets.

Officials in Lake City, Florida paid out a $460,000 ransom in June after the city’s computer systems went dark. The incident occurred two weeks after Riviera Beach, Florida’s $600,000 hijacking. Ryuk is believed to be a modified version of the Hermes virus that debuted in August 2018.

The virus spreads through the usual botnet and spam methods, and infiltrates through undefended network ports. Upon installation, the malware deletes all files related to the intrusion, kills antivirus processes and obscures the infection vector. However, FBI agents found evidence that in one case, Ryuk entered through a Remote Desktop Protocol (RDP) brute-force attack.

The agency wrote in a Flash:

“After the attacker has gained access to the victim network, additional network exploitation tools may be downloaded… once executed, Ryuk establishes persistence in the registry, injects into running processes, looks for network connected file systems, and begins encrypting files.”

A “RyukReadMe” file is dropped by the virus when the blackmail letter is opened in the victim’s internet browser. The HTML page lists only the hackers’ two email addresses in the upper left-hand corner, the name of the virus in the center of the page, and the cryptic phrase “balance of shadow universe” in the bottom right corner.

The FBI has been tracking the virus since 2018, noticing a number of modifications. Reportedly, the Chinese variant simultaneously runs a 32-bit and a 64-bit blackmail module, enabling the bug to further evolve. The number of Chinese enterprises infected and the total amount ransomed had not been disclosed as of press time.


The post Bitcoin Ransomware Guilty Of Infiltrating 100 US Enterprises Enters China appeared first on Latest Crypto News.
