An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques
released on 2020-10-22 @ 07:26:33 PM
In the last three months, there has been a 50% uptick in ransomware, with the Ryuk ransomware garnering attention after a string of high-profile attacks that have been crippling companies.
In this post, Sentinel Labs looks at how Ryuk has evolved since 2018 and explores the improvements in encryption speed and evasion techniques that we see in Ryuk samples today. Along the way, we detail a method analysts can use to extract the Ryuk executable from memory and dump it to a file for further inspection.