Published Apr 02, 2019 | Updated Oct 09, 2020

Ransom:Win32/Ryuk

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

Ryuk ransomware renders files inaccessible by encrypting them. This ransomware is typically delivered by human-operated ransomware campaigns to enterprise networks using various methods. Campaign operators have been observed deploying this ransomware in attacks that establish access through phishing emails or vulnerable services. Some of these attacks also leverage existing infections of Trickbot or Emotet malware. Once in the network, operators steal credentials, move laterally to other devices, and obtain privileged credentials before installing this ransomware on multiple target devices. 

Find out ways that malware can get on your PC.

For information about Ryuk and other human-operated ransomware campaigns, read these blog posts:

There is no one-size-fits-all response if you have been victimized by ransomware. To recover files, you can restore backups. There is no guarantee that paying the ransom will give you access to your files.

Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
