
Ryuk Ransomware Support & Help Topic

2 replies to this topic

#1 dukeishere


  • Members
  • 1 posts
  • Local time:10:54 AM

Posted 17 August 2018 - 01:41 PM

Your network has been penetrated.
All files on each host in the network have been encrypted with a strong algorithm.
Backups were either encrypted or deleted or backup disks were formatted.
Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover.
We exclusively have decryption software for your situation
No decryption software is available in the public.
DO NOT RESET OR SHUTDOWN - files may be damaged.
DO NOT RENAME OR MOVE the encrypted and readme files.
DO NOT DELETE readme files.
This may lead to the impossibility of recovery of the certain files.
To get info (decrypt your files) contact us at
BTC wallet:
No system is safe
This notepad file is saved on the C drive; also, multiple files are saved to the public user folder, such as:
kIUAm (seems randomly named because it differs PC to PC) - Application
PUBLIC - file
RyukReadMe - Text Document
Any information is greatly appreciated on a fix or any other info.
This affected 50+ PCs in a business.



#2 Demonslay335


    Ransomware Hunter

  • Security Colleague
  • 3,580 posts
  • Gender:Male
  • Location:USA
  • Local time:09:54 AM

Posted 17 August 2018 - 03:52 PM

We've seen a few submissions of this. ID Ransomware is picking up on the encrypted file via filemarker as Hermes, but the ransom note really looks like Bitpaymer to us. Either way, it is likely targeted via RDP hack.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

#3 Amigo-A


  • Members
  • 613 posts
  • Gender:Male
  • Location:3st station from Sun
  • Local time:08:54 PM

Posted 19 August 2018 - 01:32 PM

it's not fish or not meat, but... Ryuk Ransomware

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Do you know Russian? Write to me in Russian. I will help.
