While investigating an attack in early 2021, the French national cybersecurity agency has discovered a new Ryuk ransomware variant possessing worm-like capabilities that can spread to other devices on victims’ local networks.
As per a report published by ANSSI, “Through the use of scheduled tasks, the malware propagates itself – machine to machine – within the Windows domain. Once launched, it will thus spread itself on every reachable machine on which Windows RPC accesses are possible.”
The new Ryuk variant lists all the IP addresses in the local ARP cache to disseminate itself over the local network and sends Wake-on-LAN (WOL) packets to the discovered devices. It then mounts all sharing resources discovered for every device to encrypt the contents.
To Read More: BleepingComputer