{"id":123847,"date":"2021-07-06T21:01:34","date_gmt":"2021-07-07T04:01:34","guid":{"rendered":"\/blogs\/?p=123847"},"modified":"2024-02-19T00:31:02","modified_gmt":"2024-02-19T08:31:02","slug":"new-ryuk-ransomware-sample%e2%80%aftargets-webservers","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-ryuk-ransomware-sample%e2%80%aftargets-webservers\/","title":{"rendered":"New Ryuk Ransomware Sample\u202fTargets Webservers"},"content":{"rendered":"<h2>Executive Summary<\/h2>\n<p><a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/ryuk-ransomware-attack-rush-to-attribution-misses-the-point\" target=\"_blank\" rel=\"noopener\">Ryuk<\/a> is a ransomware that encrypts a victim\u2019s files and requests payment in Bitcoin cryptocurrency to release the keys used for encryption. Ryuk is used exclusively in targeted ransomware attacks.<\/p>\n<p>Ryuk was first observed in August 2018 during a campaign that targeted several enterprises. Analysis of the initial versions of the ransomware revealed similarities and shared source code with the <a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/ryuk-exploring-the-human-connection\" target=\"_blank\" rel=\"noopener\">Hermes ransomware<\/a>. Hermes ransomware is a commodity malware for sale on underground forums and has been used by multiple threat actors.<\/p>\n<p>To encrypt files Ryuk utilizes a combination of symmetric AES (256-bit) encryption and asymmetric RSA (2048-bit or 4096-bit) encryption. The symmetric key is used to encrypt the file contents, while the asymmetric public key is used to encrypt the symmetric key. Upon payment of the ransom the corresponding asymmetric private key is released, allowing the encrypted files to be decrypted.<\/p>\n<p>Because of the targeted nature of Ryuk infections, the initial infection vectors are tailored to the victim. 
Commonly seen initial vectors are spear-phishing emails, exploitation of compromised credentials to remote access systems and the use of previous commodity malware infections. As an example of the latter, the combination of Emotet and TrickBot has frequently been observed in Ryuk attacks.<\/p>\n<h2>Coverage and Protection Advice<\/h2>\n<p>Ryuk is detected as Ransom-Ryuk![partial-hash].<\/p>\n<p>Defenders should be on the lookout for traces and behaviors that correlate to\u202fopen source\u202fpen test tools such as\u202fwinPEAS,\u202fLazagne, Bloodhound and Sharp Hound, or hacking frameworks like Cobalt Strike, Metasploit, Empire or Covenant, as well as abnormal\u202fbehavior\u202fof non-malicious tools that have a dual use. These seemingly legitimate tools (e.g.,\u202fADfind,\u202fPSExec, PowerShell, etc.) can be used for things like enumeration and execution. Subsequently, be on the lookout for abnormal usage of Windows Management Instrumentation (WMIC, T1047). We advise everyone to check out the following blogs on evidence indicators for a targeted ransomware attack (<a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/csi-evidence-indicators-for-targeted-ransomware-attacks\/\" target=\"_blank\" rel=\"noopener\">Part1<\/a>,\u202f<a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/csi-evidence-indicators-for-targeted-ransomware-attacks-part-ii\/\" target=\"_blank\" rel=\"noopener\">Part2<\/a>).<\/p>\n<p>Looking at other similar Ransomware-as-a-Service families we have seen that certain entry vectors are quite common among ransomware criminals:<\/p>\n<ul>\n<li>E-mail\u202fSpear\u202fphishing\u202f(T1566.001) is often used to directly engage and\/or gain an initial foothold. The initial phishing email can also be linked to a different malware strain, which acts as a loader and entry point for the attackers to continue completely compromising a victim\u2019s network.
We have observed this in the past with the likes of\u202fTrickBot\u202f&amp; Ryuk or\u202fQakbot\u202f&amp;\u202fProlock, etc.<\/li>\n<li>Exploit Public-Facing Application (T1190) is another common entry vector, given cybercriminals are often avid consumers of security news and are always on the lookout for a good exploit. We therefore encourage organizations to be fast and diligent when it comes to applying patches. There are numerous examples in the past where vulnerabilities concerning remote access software, webservers, network edge equipment and firewalls have been used as an entry point.<\/li>\n<li>Using valid accounts (T1078) is and has been a proven method for cybercriminals to gain a foothold. After all, why break the door down if you already have the keys? Weakly protected RDP access is a prime example of this entry method. For the best tips on RDP security, please see\u202four\u202f<a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rdp-security-explained\/\" target=\"_blank\" rel=\"noopener\">blog<\/a>\u202fexplaining RDP security.<\/li>\n<li>Valid accounts can also be obtained via commodity malware such as\u202finfostealers\u202fthat are designed to steal credentials from a victim\u2019s computer.\u202fInfostealer\u202flogs containing thousands of credentials can be purchased by ransomware criminals to search for VPN and corporate logins. For organizations, having robust credential management and MFA on user accounts is an absolute must-have.<\/li>\n<\/ul>\n<p>When it comes to the actual\u202fransomware\u202fbinary, we strongly advise updating and upgrading\u202fendpoint protection, as well as enabling options like tamper protection and Rollback.
Please read\u202four\u202fblog\u202fon how to best configure ENS 10.7 to protect against ransomware for more details.<\/p>\n<h2>Summary of the Threat<\/h2>\n<ul>\n<li>Ryuk ransomware is used exclusively in targeted attacks.<\/li>\n<li>The latest sample now targets webservers.<\/li>\n<li>The new ransom note prompts victims to install the Tor browser to facilitate contact with the actors.<\/li>\n<li>After file encryption, the ransomware will print 50 copies of the ransom note on the default printer.<\/li>\n<\/ul>\n<p>Learn more about Ryuk ransomware, including Indicators of Compromise, MITRE ATT&amp;CK techniques and a YARA rule, by reading our detailed <a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/assets\/reports\/rp-ryuk-ransomware-targeting-webservers.pdf\" target=\"_blank\" rel=\"noopener\">technical analysis<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Executive Summary Ryuk is a ransomware that encrypts a victim\u2019s files and requests payment in Bitcoin cryptocurrency to release the&#8230;<\/p>\n","protected":false},"author":1291,"featured_media":124261,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[],"coauthors":[10279],"class_list":["post-123847","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mcafee-labs"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>New Ryuk Ransomware Sample\u202fTargets Webservers | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Executive Summary Ryuk is a ransomware that encrypts a victim\u2019s files and requests payment in Bitcoin cryptocurrency to release the keys used for\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta
property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Ryuk Ransomware Sample\u202fTargets Webservers | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Executive Summary Ryuk is a ransomware that encrypts a victim\u2019s files and requests payment in Bitcoin cryptocurrency to release the keys used for\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-ryuk-ransomware-sample%e2%80%aftargets-webservers\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-07T04:01:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-19T08:31:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/06\/Lock-copy-1-e1625073720182.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"247\" \/>\n\t<meta property=\"og:image:height\" content=\"237\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Marc Elias\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sisoma2\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Marc Elias\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-ryuk-ransomware-sample%e2%80%aftargets-webservers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-ryuk-ransomware-sample%e2%80%aftargets-webservers\/\"},\"author\":{\"name\":\"Marc Elias\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/a01111ca0a5608a2f0f4973e2087227e\"},\"headline\":\"New Ryuk Ransomware Sample\u202fTargets Webservers\",\"datePublished\":\"2021-07-07T04:01:34+00:00\",\"dateModified\":\"2024-02-19T08:31:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-ryuk-ransomware-sample%e2%80%aftargets-webservers\/\"},\"wordCount\":703,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-ryuk-ransomware-sample%e2%80%aftargets-webservers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/06\/Lock-copy-1-e1625073720182.jpeg\",\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-ryuk-ransomware-sample%e2%80%aftargets-webservers\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-ryuk-ransomware-sample%e2%80%aftargets-webservers\/\",\"name\":\"New Ryuk Ransomware Sample\u202fTargets Webservers | McAfee 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-ryuk-ransomware-sample%e2%80%aftargets-webservers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-ryuk-ransomware-sample%e2%80%aftargets-webservers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/06\/Lock-copy-1-e1625073720182.jpeg\",\"datePublished\":\"2021-07-07T04:01:34+00:00\",\"dateModified\":\"2024-02-19T08:31:02+00:00\",\"description\":\"Executive Summary Ryuk is a ransomware that encrypts a victim\u2019s files and requests payment in Bitcoin cryptocurrency to release the keys used for\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-ryuk-ransomware-sample%e2%80%aftargets-webservers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-ryuk-ransomware-sample%e2%80%aftargets-webservers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-ryuk-ransomware-sample%e2%80%aftargets-webservers\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/06\/Lock-copy-1-e1625073720182.jpeg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/06\/Lock-copy-1-e1625073720182.jpeg\",\"width\":247,\"height\":237,\"caption\":\"hacker attack, cyber crime concept, cybersecurity\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-ryuk-ransomware-sample%e2%80%aftargets-webservers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other 
Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"New Ryuk Ransomware Sample\u202fTargets Webservers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/a01111ca0a5608a2f0f4973e2087227e\",\"name\":\"Marc 
Elias\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/050eceec38a0cdfc234c07f0319f95e4\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/06\/Foto_Marc2-e1624899302243-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/06\/Foto_Marc2-e1624899302243-96x96.jpg\",\"caption\":\"Marc Elias\"},\"description\":\"Marc Elias is a Security Researcher on the McAfee Advanced Threat Research team. He is currently focused on reverse engineering and tracking APT malware, specially from bears, as well as banking trojans and ransomware. In previous jobs, he performed forensic analysis and threat hunting in clients\u2019 infected systems and participated in some high-profile cases such as an APT intrusion in a government client and critical ransomware incidents. As a member of the spanish team Ripp3rs, he is an eager participant of Capture The Flag (CTF) competitions and is keen on doing a little research on its own to keep up with the latest trends in the cybersecurity space. During his free time, Marc also enjoys electronic music and assisting to music festivals.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/marceliasdp\",\"https:\/\/x.com\/sisoma2\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/marc-elias\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/123847","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/1291"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=123847"}],"version-history":[{"count":1,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/123847\/revisions"}],"predecessor-version":[{"id":183070,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/123847\/revisions\/183070"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/124261"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=123847"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=123847"},{"taxonomy":"post_tag","embeddable":
true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=123847"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=123847"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}