The Riddle of Ryuk

Presented at SAINTCON 2019, Oct. 23, 2019, 11 a.m. (30 minutes)

Adventures in Post-Intrusion Ransomware. A year ago Ryuk came onto the scene, an adopted version of the Hermes ransomware. Attribution for the group running the scheme remains unknown, some think North Korea, others Russia. What's for sure is that the group is leveraging long-dwelling Trickbot infections to cripple organizations of all sizes and making millions of dollars a week. In this presentation we talk about how they leverage a Trickbot foothold to shut down an entire organizations network in 2-5 days. We'll also talk about the growing trend of post-intrusion ransomware as a cornucopia of threat groups are trying their hand at this troubling trend.


  • Ryan Otteson - Secureworks
    Senior researcher with the Secureworks Counter Threat Unit (CTU). Track a variety of , both nation state and financially motivated threat groups. Just returned to Salt Lake from Edinburgh. In my spare time I enjoy restoring an almost running 1962 Lincoln Continental.


Similar Presentations: