Ryuk Ransomware Decryptor Broken

Cybersecurity researchers are warning victims of Ryuk ransomware against paying ransom. Not because it just encourages hackers to continue, but because the decryptor provided by attackers doesn't work for their newest version of Ryuk.

The bad actors behind Ryuk, who usually target enterprises and government agencies, have changed the encryption process of their ransomware. This created a bug in their decryptor, which could lead to data loss in large files. What's more, once the files are decrypted (even if unsuccessfully), the tool deletes the encrypted version.

Therefore, Ryuk victims are not only advised not to pay the ransom, but also backup all of their encrypted data before performing any decryption, regardless of where they received the decryptor.

Author image

About Ariadna Pawluk

Cybersecurity enthusiast, hunting all the freshest news, insights and tidbits.