Seeking Ryuk encryptor/decryptor pairs

[WreckedByEmotet]

Hi all,

I've recently had the pleasure of experiencing the ryuk ransomware.

Our work on the post-mortem of the event has me suddenly scratching my head at the data I'm seeing.   Things seem to have gone a little wrong for the attacker.  Some of the things that are supposed to happen based on write-ups just didn't go down that way if at all.   Long story short:  I have a bad feeling that our little company wasn't the originally intended target, and that the ryuk encryption we got hit with is....older.

Does anyone know of any group of folks that are collecting samples?   I am seriously thinking that we were hit with a sample an adversary had access to.  Perhaps something being passed around in security research circles, and If I'm close to the mark, I also suddenly have short list of suspects and motives that would be worth investigating.

If someone is collecting samples, I would like to share ours to see if anyone already has a match.   Who knows, if I'm right, then maybe these is even a decryptor to go with it, being that the pair might have been passed around in security circles or similar.

Anyone able to point me in a direction, so I could explore this crazy idea further?

Thank you!!!

 

 

[exile360]

Greetings,

You may submit samples for analysis here if you wish, or, if you'd prefer to keep it private (which is understandable given the sensitive nature of the situation) you may instead send a private message directly to thisisu; one of the primary members of the Malwarebytes Research team who works samples in that area, or you may contact Malwarebytes Business Support if you'd prefer to go that route instead, and you can communicate with them via email.  If you prefer the latter then please fill out the form on the bottom of this page and they will respond to you as soon as they are able.

I hope this helps and that you are able to find the culprit and get this issue resolved quickly.