Ryuk

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[Ryuk](https://attack.mitre.org/software/S0446) is a ransomware designed to target enterprise environments that has been used in attacks since at least 2018. [Ryuk](https://attack.mitre.org/software/S0446) shares code similarities with Hermes ransomware.(Citation: CrowdStrike Ryuk January 2019)(Citation: FireEye Ryuk and Trickbot January 2019)(Citation: FireEye FIN6 Apr 2019)

Associated Techniques (22)

ID	ATT&CK	Tactics
T1016	System Network Configuration Discovery	-
T1021.002	SMB/Windows Admin Shares	-
T1027	Obfuscated Files or Information	-
T1036	Masquerading	-
T1036.005	Match Legitimate Resource Name or Location	-
T1053.005	Scheduled Task	-
T1055	Process Injection	-
T1057	Process Discovery	-
T1059.003	Windows Command Shell	-
T1078.002	Domain Accounts	-
T1083	File and Directory Discovery	-
T1106	Native API	-
T1134	Access Token Manipulation	-
T1205	Traffic Signaling	-
T1222.001	Windows File and Directory Permissions Modification	-

Used by Actors (2)

FIN6
Unknown

WIZARD SPIDER
Nation-state

Metadata

ID:	453
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00