Top research firms have recently disclosed that they suspect the Ryuk ransomware to be the work of Russian cybercriminals. Earlier, Ryuk was wrongly linked to state-sponsored cybercriminals from North Korea, a possibility that was raised by several news agencies.
However, that turns out to be false: the attribution rested on an insufficient link between North Korean state-backed agencies and a certain version of Hermes. Although not baseless, the attribution has now been ruled out by pioneers in cyber security.
In the opinion of McAfee, FireEye, Kryptos Logic and CrowdStrike, the probability of Russian involvement in the Ryuk ransomware episode is considerably higher.
All of them have reportedly stated that they have reason to believe the Ryuk ransomware to be the operation of a large group of Russian cybercriminals. However, no fingers were pointed at the Russian authorities, and the researchers have indicated that this could be a financially motivated gold-digger group.
How it all began
Ryuk was attributed to North Korea because the Hermes ransomware was used in its development. North Korean state-backed agencies had reportedly purchased Hermes earlier and used it to launch an attack on Taiwan’s Far Eastern International Bank, which hit the headlines. Later, the IT majors confirmed that the cybercriminal group behind the Ryuk ransomware had also purchased Hermes.
However, with the current developments, it is clear that there is no state-level involvement by North Korea. Although it may seem like another group of Russian hackers looking to make some quick money, CrowdStrike thinks otherwise.
According to CrowdStrike, the Ryuk ransomware is likely to be an offshoot of a much larger cybercrime operation. There is no reason for anyone to believe that it can in any way be linked to North Korea. Ryuk has, however, been linked to Emotet and TrickBot.