A ransomware virus that the FBI has been tracking since 2018 has been detected in China.
According to CoinDesk, a recent Tencent Security report stated the virus — named Ryuk — has infected more than 100 government and private enterprises in the U.S., with hackers demanding ransom of around $5 million in bitcoin.
Ryuk is believed to be a version of the Hermes virus, spreading through botnet and spam methods. Once installed, the malware deletes all files related to the attack and kills antivirus processes. The virus also places a “RyukReadMe” file that opens the blackmail letter on the victim’s internet browser.
In January, Ryuk was reportedly responsible for a hack of Tribune Publishing. And in June, officials in Lake City, Florida, paid a $460,000 ransom after the city’s computer systems went dark — two weeks after a $600,000 hijacking in Riviera Beach, Florida.
“After the attacker has gained access to the victim network, additional network exploitation tools may be downloaded… once executed, Ryuk establishes persistence in the registry, injects into running processes, looks for network connected file systems, and begins encrypting files,” the FBI wrote, according to CoinDesk.
It is unknown how many Chinese companies and agencies have been infected at this time.
In other news, an Israeli hacker has been charged with the theft of $1.7 million in different digital currencies.
According to The Next Web, 31-year-old Eliyahu Gigi from Tel Aviv allegedly stole bitcoin, ethereum, and dash from various foreigners, including Belgians, Dutch and Germans.
Law enforcement has revealed that Gigi had been operating a number of websites to distribute malicious software to infect victims’ computers and allow him to steal the crypto. He was arrested earlier this year with his younger brother. Gigi has been charged with theft, fraud, aggravated counterfeiting, use of a forged document, perjury, money laundering, and income tax offenses. His brother has not been charged.