Ryuk Ransomware: Live Demo and Analysis

Ryuk is one of the deadliest ransomware out there, and now has worm capabilities to infect networks. Here's a detailed analysis of the new variant.

Comments

Legends and kids are still waiting for Kaspersky vs Bitdefender 2021

kamranrasheed

Thanks for this vid man, I work with malware analysis and was looking for this.

KandeeKush

Nice. Good content as always. Appreciate it.

Enforcedcraft

One of the best malware analysis channels out there!

akixvagymarinene

Heck yeah! Glad to see your channel growth 🙌

Milos.L

I added my smb shared folders to the Windows Defender Ransomware protected access feature. Will this help? I added them on every computer that has access to these folders.

HTBLuVA

Hello. I want to get your opinion on which antivirus I should install on my PC. I use Windows Defender only. My usage is medium and I don't want that antivirus which takes a lot of processing power and RAM...

عطاءالرحمن

What happens if u r in the process of getting infected / getting a virus to run for a few seconds but it doesn't complete what it is supposed to ( like encryption ) and u immediately force shutdown your pc?

Bean_consumer

Yes, please!, I would also, like to see, how effective a trial of cynet that is against your ransomware?
When you get a would like to see.
Kind regards,

mooselexus

Good analysis and demo of this new variant. Thanks for the intelligence 👍

admrotob

Awesome. Question: couldn't ransomware be significantly mitigated if normal Windows users had a function to not allow common extensions (exe, pdf, jpg, word, etc.) to be modified or deleted/replaced on a large scale? I mean, most of the files attacked are very well-known/common extensions and files that 99.9% of people would never even think about changing the extension or deleting/replacing on a massive scale.

waw

@ThePCSecurityChannel If you don't mind me asking, out of all of the ransomware tests you did, which one would you recommend for consumers?

coolnetthere

Given I designed Pictolocker as a proof of concept to fool common misconceptions, I also made it work on network locations first. Not this aggressive, since that would have been slower and I also needed to be able to control it, but it would work from drive Z to C. It really helps the ransomware, and it's why I advocate for tripwire files on the network that shut the network drive down if deleted.

Kinda surprised they still go with the file extension and ransom note mechanic though, since that makes it much easier to block against it. It makes me wonder what this ransomware does if the file extension is blocked. Will it just delete the files or would it be a means of stopping it?

I also was curious about the worm effect which you unfortunately didn't demonstrate.

Henk

I have deleted Windscribe but I checked Task Manager and it is showing Windscribe in startup. Can I fix it?

jappanjyot

Hey, thanks for this vid! I have 2 questions: If a system infected by ransomware like Ryuk trying to encrypt files or infect other computers on the network, but these other computers are protected by strong antivirus and antimalware software, would the ransomware still be able to encrypt files or infect the other computers on the network? Can Ryuk spread from cell phones to computers on a network? Thanks in advance!

gec

A company I used to work for got hit with this just a couple of months ago. (I’m watching this to learn what they went through). The whole company was pretty much shut down for a few weeks because of this.

MomentsInTrading

Ryuk did nothing wrong, aside from that whole bringing the death note into the human world thing 😁

dend

How did you get malware to analyze? Isn't it dangerous?

gibranhaekal

Nice video, I just like to ask if you have a memory sample or can image one for memory forensics and behavioral analysis

busyhacker

I somehow got infected with a rw, a .cadq encryption. I believe it is an online encryption, any chance of having +200 GB of files back?

SafYounes