A new Ryuk campaign is spreading globally, according to a warning issued by the UK's National Cyber Security Centre (NCSC).
Ryuk is ransomware known for its long "dwell time" — the time between initial infection and system damage — and for adjusting the amount of ransom demanded based on the victim's perceived ability to pay.
The warning lists Emotet, a banking Trojan, and Trickbot, a browser-manipulation data skimmer, as components of the new campaign. According to the NCSC, a common sequence is initial infection by Emotet, followed by a Trickbot infection that carries obfuscation capabilities. If the victim's system provides information that indicates the ability to pay a ransom, Ryuk is deployed.
Read more here.