The Ryuk ransomware is operated by Wizard Spider, a sophisticated Russia-based cybercrime group that targets large corporations with ransomware. Their strategy is known as 'big game hunting', as they seek to maximize their payouts by focusing on individuals who are willing to pay big bucks to free their computers from ransomware capture.
The Ryuk ransomware was derived from Hermes, another notorious ransomware, as both share similar source code. Hermes is a ransomware as a service (RaaS) that is sold to nefarious actors, who can then choose whom they want to target. Often, they target large corporations that are able to pay huge sums of money to have their data freed. Examples of corporations that have been hit by a Ryuk ransomware attack include Electronic Warfare Associates, a government contractor that works with the US Department of Justice, Homeland Security and the Defense Department.
How Ryuk Ransomware Works
The Ryuk ransomware works by encrypting files on a target computer. Infected computers then display a message urging the victims to pay a ransom or else face the prospect of never seeing their files again. Ryuk ransomware payouts are some of the largest in the RaaS industry. Some payouts have topped $600,000.
The malware will often scan the target PC, identify the most commonly used files and discreetly encrypt them one by one. Only when all the files are encrypted does the user get a message showing the ransom amount and the bitcoin address they need to send the money to.
How to Remove Ryuk Ransomware
Unfortunately, for most ransomware, including Ryuk ransomware, there is no easy way around it. You either have to pay the ransom or accept that you will never see your files again. That is the price that you pay once the ransomware has infected your computer, as there is no decryptor to unlock your data. But you can remove the offending malware from your computer with the help of an antivirus program such as Outbyte Antivirus. The anti-malware program will help get rid of the malware while preventing further infections, but as noted, it cannot help recover your files.
What other steps can you take to get rid of the notorious Ryuk ransomware, if you don’t have an antivirus program to help you out? Here are a few of them:
1. Restore Your Computer
Restoring your computer means returning it to an earlier working state in which there were no problems to report. Assuming that the ransomware has complete control over your computer, you can use the Windows startup repair process to access Windows troubleshooting options such as System Restore or returning to an earlier build. Here are the steps on a Windows 10 computer:
- As you power on your computer, press the F11 key. This will bring up the Windows 10 Advanced Startup Options.
- Once your computer has booted, select Troubleshoot.
- Click Advanced options.
- Click Startup Repair.
If the startup repair process, which should take anywhere from one to two minutes, fails to rid your computer of the Ryuk malware, proceed to using System Restore. Here are the steps that you should take:
- Use the first step described above to get to the Windows 10 Advanced Startup Options.
- Click System Restore.
- Enter your username and password when prompted.
- Select a restore point from the list of the restore points available on your computer. If there are no restore points available, you cannot use this method.
- Scan for affected programs to determine the programs that will no longer be available once the restore process is complete.
- Follow the onscreen directions to complete the process.
System Restore will rid your computer of the Ryuk ransomware, but if it does not, it is time to take some drastic steps.
2. Reset Your Computer
Assuming again that you cannot access some key functions of your computer after an infection by the Ryuk ransomware, including settings and apps, you can opt to reset your PC. By resetting your PC to a default state, you run the risk of losing some files, apps, and settings. But it will get rid of the notorious Ryuk ransomware.
Here is how to reset a Windows 10 computer:
- Press the Windows logo and the L key to get to the sign-in screen. Now, press the Shift key while selecting the Power button. Click Restart in the lower-right corner of the screen.
- Your computer will restart in the Windows Recovery Environment.
- On the Choose an Option screen, select Troubleshoot > Reset this PC. You can choose to keep your files, apps, and settings, or to remove everything. But it is best to remove everything since the computer is already infected by malware.
Resetting your PC will most definitely remove the Ryuk malware, but on the off chance that it does not, just install a new Windows or macOS version on your computer.
What to Do to Prevent Ryuk Malware from Infecting Your Computer in the First Place
Is there a way to prevent the likes of Ryuk malware from infecting your computer? Yes, there are steps that you can take to ensure that attempts by the Ryuk ransomware and similar programs to infect your computer fail.
First, install a powerful anti-malware solution. It will keep guard against any attempts at infiltration and remove any malicious apps. Secondly, update all the apps on your computer, especially browsers. Malware creators like to exploit vulnerabilities in commonly used software in what are called zero-day attacks in the cybersecurity business.
Also, take care when clicking on links from social media and when opening email attachments. Verify their authenticity first. Lastly, buy software from trusted vendors, as pirated software sometimes comes bundled with malware.
That will be all about Ryuk ransomware removal. If you have any questions, suggestions, or comments, feel free to use the comment section below.