The Riddle of Ryuk

Presented at SAINTCON 2019, Oct. 23, 2019, 11 a.m. (30 minutes)

Adventures in Post-Intrusion Ransomware. A year ago Ryuk came onto the scene, an adopted version of the Hermes ransomware. Attribution for the group running the scheme remains unknown, some think North Korea, others Russia. What's for sure is that the group is leveraging long-dwelling Trickbot infections to cripple organizations of all sizes and making millions of dollars a week. In this presentation we talk about how they leverage a Trickbot foothold to shut down an entire organizations network in 2-5 days. We'll also talk about the growing trend of post-intrusion ransomware as a cornucopia of threat groups are trying their hand at this troubling trend.

Presenters:

• Ryan Otteson - Secureworks
  Senior researcher with the Secureworks Counter Threat Unit (CTU). Track a variety of , both nation state and financially motivated threat groups. Just returned to Salt Lake from Edinburgh. In my spare time I enjoy restoring an almost running 1962 Lincoln Continental.

Links:

• https://saintcon2019.sched.com/event/W6Uv/the-riddle-of-ryuk
• https://infocon.org/cons/SAINTCON/SAINTCON 2019/Ryan Otteson - The Riddle of Ryuk.mp4
• https://www.youtube.com/watch?v=mn79bMQKT6c

Similar Presentations:

• VB2019 / Shinigami's revenge: the long tail of Ryuk malware
• REcon 2022 / Malware Wars: DarkSide Strikes Back as BlackMatter
• BSides Austin 2017 / Defending against ransomware: You already have the capability, why are we not using it? This method stopped our attacks cold. Now let me show you how to do it. And it’s FREE, you don’t have to purchase anything.