According to a new report by McAfee and Coveware, the threat actors behind Ryuk, a highly successful ransomware strain, are not North Korean hackers as was previously suspected. Instead, researchers now believe that hackers from at least two and perhaps even more cybercrime groups are orchestrating the Ryuk infections. The cybercriminals are likely operating out of Russia or out of former Russian satellite states.
In less than one year, Ryuk ransomware campaigns have netted the threat actors about $4 million in ransom payments from organizations and individual users who wished to regain access to their systems after Ryuk had encrypted them. Currently, the average ransom demanded by the attackers is about $71,000 in bitcoin.
Read more: Mistaken For North Koreans, The ‘Ryuk’ Ransomware Hackers Are Making Millions