Ryun Ransomware is a sophisticated piece of code written on the lines of Hermes Ransomware
. It demands 15 to 35 BTC from it victims to recover files.
A new Sample of Ryuk Ransomware is spreading in the wild that implements Wake on LAN (WOL) feature. It extracts IP address form its victims ARP table and send a WOL request on the network. If it able to awake
a host it mounts "C$/admin" share, if successful the Ryuk deletes volume shadow copies and encrypt the drive. It appends "HARMES" to the end of the file as marker to itself that file is encrypted.
Ryun Ransomware Signatures
Ryun Ransomware Sample Download
Ryuk Ransomware WOL Sample Signatures
Ryuk Ransomware WOL Sample Download
Password of the archive is infected