Full Version: Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Quote:The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them.

Wake-on-Lan is a hardware feature that allows a powered down device to be woken up, or powered on, by sending a special network packet to it. This is useful for administrators who may need to push out updates to a computer or perform scheduled tasks when it is powered down.

According to a recent analysis of the Ryuk Ransomware by SentinelLab's Vitali Kremez, when the malware is executed it will spawn subprocesses with the argument '8 LAN'.

[Image: Ryuk.png]

[Image: timigate-readmore.gif]