Skip to main content


Home Ryuk ransomware

Ryuk ransomware

Ryuk ransomware definition

Ryuk ransomware is ransomware that encrypts essential files on Windows computers and holds companies for Bitcoin ransom. Attacking businesses, hospitals, and governments since 2018, Ryuk and the gang behind it remain a formidable threat. In the first five months of its creation, Ryuk ransomware is estimated to have cost businesses almost $4M.

How Ryuk ransomware works

  • The target is infected — usually through phishing emails. Victims only need to open an attached document containing the infected code.
  • The malware downloads a trojan, allowing the attackers to steal credentials and access the company’s network.
  • From there, they can infect even more machines, encrypting separate files and whole systems. It uses the AES-256 algorithm, which means if you wanted to crack it, you would have to go through 2^256 possible combinations, making the algorithm virtually unbeatable.

How to protect yourself from Ryuk ransomware

  • Don’t give all employees high-level access to your company network. An intern has no business having login credentials to the admin panel.
  • Learn to recognize phishing and have a strong spam filter for your email. If you never open attachments and emails from suspicious sources, you will never have to worry about malware getting onto your device.
  • Regularly back up your data. Whether you store it on a hard drive or use cloud storage, make sure it can’t be accessed from your office devices. This way, ransomware won’t be able to automatically spread and encrypt your backup files too.
  • Use security software like NordVPN. It will encrypt your connections, stop you from landing on phishing websites, and delete malicious files before you download them.