{"id":4542,"date":"2020-03-09T14:00:43","date_gmt":"2020-03-09T12:00:43","guid":{"rendered":"https:\/\/blog.eset.ee\/?p=4542"},"modified":"2020-03-09T13:57:40","modified_gmt":"2020-03-09T11:57:40","slug":"reexamining-infamous-ryuk-ransomware-via-eset-telemetry","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2020\/03\/09\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\/","title":{"rendered":"Reexamining infamous Ryuk ransomware via ESET telemetry"},"content":{"rendered":"\n<p>Ryuk is a ransomware family that has become, unfortunately, only too well known for taking down a library system, medical centers, newspapers, schools, and multiple other institutions and businesses.&nbsp; Within ESET telemetry, Ryuk first appeared as a little seen threat in 2018, one which rose to greater prominence only toward the end of 2019.<br><br>Going back to the beginning, the life of the Ryuk ransomware family began in August 2018, at which time ESET dubbed the malware \u201cWin32\/Filecoder.NRY.\u201d Detections of this ransomware strain in ESET telemetry* briefly peaked in November 2018, but overall the detections remained low:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.eset.com\/fileadmin\/_processed_\/0\/b\/csm_Win32_NRY_2018-2019_detections_82486e3692.jpg\" alt=\"\"\/><figcaption>Figure 1: Detection trend of the 32-bit version of Ryuk \u2013 called \u201cNRY\u201d in its early days<\/figcaption><\/figure>\n\n\n\n<p>Other researchers in the security community had also&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/twitter.com\/Emm_ADC_Soft\/status\/1065755254698987521\" target=\"_blank\">noticed<\/a>&nbsp;this malware early on \u2013 Ryuk was starting to gain a bad reputation after hitting at least five businesses within the first month of its arrival.<br><br>One peculiar characteristic of Ryuk is that anyone taking a first look at it could be easily misled into mistaking it for the Hermes ransomware family. After all, files encrypted by Ryuk contain \u2013 even to this day \u2013 the string \u201cHERMES\u201d in the footer. Ryuk, however, is a separate family of ransomware that shouldn\u2019t be confused with Hermes.<br><br>At the end of April 2019, ESET renamed this malware \u201cWin32\/Filecoder.Ryuk\u201d. The detections with this new name pick up the baton from where detections of \u201cWin32\/Filecoder.NRY\u201d leave off:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.eset.com\/fileadmin\/_processed_\/e\/7\/csm_Win32_Ryuk_2019_detections_2520e65e15.jpg\" alt=\"\"\/><figcaption>Figure 2: Detection trend of the 32-bit version of Ryuk<\/figcaption><\/figure>\n\n\n\n<p>While the detection trend picked up slightly from May 2019, a much greater threat lay in a different form of Ryuk. Ryuk seems to have been recompiled as a new 64-bit version called by ESET \u201cWin64\/Filecoder.Ryuk\u201d. Born in March 2019, this new version of Ryuk slowly climbed to a high point in number of detections by September 2019:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.eset.com\/fileadmin\/_processed_\/9\/5\/csm_Win64_Ryuk_2019_detections_604189ba8a.jpg\" alt=\"\"\/><figcaption>Figure 3: Detection trend of the 64-bit version of Ryuk<\/figcaption><\/figure>\n\n\n\n<p>The 64-bit Ryuk targeted about seven times more users at its zenith compared to its 32-bit sibling. Since the time of its birth, the growth of \u201cWin64\/Filecoder.Ryuk\u201d occurred quite gradually. Could this gradual growth indicate that the threat actors behind Ryuk were focusing on higher value targets such as businesses or other large organizations rather than home users? The known targeting of Ryuk from the headlines, including such companies as Virtual Care Provider, the National Veterinary Associates and CloudJumper, suggests as much.<br><br>Detections of both Ryuk versions throughout 2019 were highest in the United States:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><a  href=\"https:\/\/www.eset.com\/fileadmin\/ESET\/BLOG\/Win32_Ryuk_2019_countries.JPG\" data-rel=\"lightbox-gallery-0\" data-rl_title=\"\" data-rl_caption=\"\" data-magnific_type=\"gallery\" title=\"\"><img decoding=\"async\" src=\"https:\/\/www.eset.com\/fileadmin\/ESET\/BLOG\/Win32_Ryuk_2019_countries.JPG\" alt=\"\"\/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><a  href=\"https:\/\/www.eset.com\/fileadmin\/ESET\/BLOG\/Win64_Ryuk_2019_countries.JPG\" data-rel=\"lightbox-gallery-0\" data-rl_title=\"\" data-rl_caption=\"\" data-magnific_type=\"gallery\" title=\"\"><img decoding=\"async\" src=\"https:\/\/www.eset.com\/fileadmin\/ESET\/BLOG\/Win64_Ryuk_2019_countries.JPG\" alt=\"\"\/><\/a><\/figure>\n\n\n\n<p><strong>Decrypting Ryuk ransomware?<\/strong><\/p>\n\n\n\n<p>Ryuk takes advantage of the native CryptoAPI built into Windows operating systems to generate a unique AES-256 encryption key per file. Since AES is a symmetric encryption cipher, a victim will need access to each and every key for successful decryption of all files.<br><br>Getting those file keys, however, is unfeasible. The file keys are themselves encrypted by an RSA public key \u2013 without any significant implementation flaws \u2013 that the Ryuk writers have packaged into the malware executable. RSA is an asymmetric encryption cipher that uses a public-private key pair \u2013 whatever is encrypted by the public key can only be decrypted by the private key. That means only the attackers who have the RSA private key can decrypt and give access to the file keys of a victim.<\/p>\n\n\n\n<p><strong>How to stop ransomware attacks<\/strong><\/p>\n\n\n\n<p>For businesses, there are a number of options specific to ransomware that can help protect against an attack. One crucial check is to make sure that all security solutions deployed in your network are correctly configured.<br><br>For example,<a href=\"https:\/\/www.eset.com\/int\/business\/endpoint-security-windows\/\" target=\"_blank\" rel=\"noreferrer noopener\">&nbsp;ESET Endpoint Security<\/a>,&nbsp;<a href=\"https:\/\/www.eset.com\/int\/business\/endpoint-antivirus-windows\/\" target=\"_blank\" rel=\"noreferrer noopener\">ESET Endpoint Antivirus<\/a>,&nbsp;<a href=\"https:\/\/www.eset.com\/int\/business\/mail-security-exchange\/\" target=\"_blank\" rel=\"noreferrer noopener\">ESET Mail Security for Microsoft Exchange<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/www.eset.com\/int\/business\/file-security-windows\/\" target=\"_blank\" rel=\"noreferrer noopener\">ESET File Security for Microsoft Windows Server<\/a>&nbsp;all come with a configurable security layer called ESET Host-based intrusion prevention system (HIPS). The HIPS monitors system activity and uses a set of predefined rules to identify and prevent suspicious behavior from running.<br><br>IT administrators can further take advantage of HIPS capabilities by deploying tighter configuration settings against ransomware-like behavior on endpoints. Following the&nbsp;<a href=\"https:\/\/support.eset.com\/en\/kb6119-configure-hips-rules-for-eset-business-products-to-protect-against-ransomware\" target=\"_blank\" rel=\"noreferrer noopener\">anti-ransomware guidelines<\/a>&nbsp;in the ESET Knowledgebase, admins can add custom rules to prevent specific script executables, Microsoft Office processes and other common processes \u2013 like explorer.exe, rundll32.exe and powershell.exe \u2013 from launching specific applications or processes not typically required by certain employee profiles.<br><br>Unless there is a good business reason (e.g., for employees who are developers), not all employees need to run every kind of script or executable on their devices. These kinds of \u201cdon\u2019t need extra scripts\/executables\u201d employees can be quickly grouped in&nbsp;<a href=\"https:\/\/www.eset.com\/int\/business\/security-management-center\/\" target=\"_blank\" rel=\"noreferrer noopener\">ESET Security Management Center<\/a>, ESET\u2019s remote management tool, for tighter policy management of their HIPS modules.<br><br>IT admins can also apply similar anti-ransomware rules within the&nbsp;<a href=\"https:\/\/support.eset.com\/en\/configure-firewall-rules-for-eset-endpoint-security-to-protect-against-ransomware\" target=\"_blank\" rel=\"noreferrer noopener\">firewall<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/support.eset.com\/en\/configure-eset-mail-security-to-protect-against-ransomware\" target=\"_blank\" rel=\"noreferrer noopener\">antispam<\/a>&nbsp;modules of ESET endpoint products.<br><br>For further information on how to protect your company against ransomware and similar attacks, please see these useful resources:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li><a rel=\"noreferrer noopener\" href=\"https:\/\/www.eset.com\/int\/ransomware\/\" target=\"_blank\">What is Ransomware?<\/a><\/li><li><a rel=\"noreferrer noopener\" href=\"https:\/\/support.eset.com\/en\/kb3433-best-practices-to-protect-against-filecoder-ransomware-malware\" target=\"_blank\">Best Practices to protect against Filecoder (ransomware) malware<\/a><\/li><li><a rel=\"noreferrer noopener\" href=\"https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2018\/10\/ESET_Ransomware_Enterprise.pdf\" target=\"_blank\">Ransomware: an enterprise perspective<\/a><\/li><li><a rel=\"noreferrer noopener\" href=\"https:\/\/cdn1.esetstatic.com\/ESET\/US\/resources\/white-papers\/WhitePaper_ESET-vs-Crypto-Ransomware.pdf\" target=\"_blank\">ESET vs. Crypto-ransomware: What, how and why?<\/a><\/li><\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Ryuk is a ransomware family that has become, unfortunately, only too well known for taking down a library system, medical centers, newspapers, schools, and multiple other institutions and businesses.&nbsp; Within ESET telemetry, Ryuk first appeared as a little seen threat in 2018, one which rose to greater prominence only toward the end of 2019. Going<\/p>\n","protected":false},"author":5,"featured_media":4545,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[168],"tags":[],"class_list":["post-4542","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ransomware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.2 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Reexamining infamous Ryuk ransomware via ESET telemetry - ESET Eesti Blogi<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.eset.ee\/et\/en\/2020\/03\/09\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Reexamining infamous Ryuk ransomware via ESET telemetry\" \/>\n<meta property=\"og:description\" content=\"Ryuk is a ransomware family that has become, unfortunately, only too well known for taking down a library system, medical centers, newspapers, schools, and multiple other institutions and businesses.&nbsp; Within ESET telemetry, Ryuk first appeared as a little seen threat in 2018, one which rose to greater prominence only toward the end of 2019. Going\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.eset.ee\/et\/en\/2020\/03\/09\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\/\" \/>\n<meta property=\"og:site_name\" content=\"ESET Eesti Blogi\" \/>\n<meta property=\"article:publisher\" content=\"http:\/\/www.facebook.com\/antiviirus\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-09T12:00:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.eset.ee\/wp-content\/uploads\/2020\/03\/ryuk_1200x628.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"ESET Blog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ESET Blog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2020\\\/03\\\/09\\\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2020\\\/03\\\/09\\\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\\\/\"},\"author\":{\"name\":\"ESET Blog\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\"},\"headline\":\"Reexamining infamous Ryuk ransomware via ESET telemetry\",\"datePublished\":\"2020-03-09T12:00:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2020\\\/03\\\/09\\\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\\\/\"},\"wordCount\":839,\"image\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2020\\\/03\\\/09\\\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/ryuk_1200x628.png\",\"articleSection\":[\"ransomware\"],\"inLanguage\":\"en-US\",\"copyrightYear\":\"2020\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2020\\\/03\\\/09\\\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\\\/\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2020\\\/03\\\/09\\\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\\\/\",\"name\":\"Reexamining infamous Ryuk ransomware via ESET telemetry - ESET Eesti Blogi\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2020\\\/03\\\/09\\\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2020\\\/03\\\/09\\\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/ryuk_1200x628.png\",\"datePublished\":\"2020-03-09T12:00:43+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2020\\\/03\\\/09\\\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2020\\\/03\\\/09\\\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2020\\\/03\\\/09\\\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\\\/#primaryimage\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/ryuk_1200x628.png\",\"contentUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/ryuk_1200x628.png\",\"width\":1200,\"height\":628},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2020\\\/03\\\/09\\\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Reexamining infamous Ryuk ransomware via ESET telemetry\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/\",\"name\":\"ESET Eesti Blogi\",\"description\":\"Uudised IT maailmast\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\",\"name\":\"ESET Blog\",\"sameAs\":[\"http:\\\/\\\/eset.ee\"],\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/author\\\/allankinsigo\\\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2020\\\/03\\\/09\\\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\\\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"ESET EESTI\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Reexamining infamous Ryuk ransomware via ESET telemetry - ESET Eesti Blogi","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.eset.ee\/et\/en\/2020\/03\/09\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\/","og_locale":"en_US","og_type":"article","og_title":"Reexamining infamous Ryuk ransomware via ESET telemetry","og_description":"Ryuk is a ransomware family that has become, unfortunately, only too well known for taking down a library system, medical centers, newspapers, schools, and multiple other institutions and businesses.&nbsp; Within ESET telemetry, Ryuk first appeared as a little seen threat in 2018, one which rose to greater prominence only toward the end of 2019. Going","og_url":"https:\/\/blog.eset.ee\/et\/en\/2020\/03\/09\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\/","og_site_name":"ESET Eesti Blogi","article_publisher":"http:\/\/www.facebook.com\/antiviirus","article_published_time":"2020-03-09T12:00:43+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2020\/03\/ryuk_1200x628.png","type":"image\/png"}],"author":"ESET Blog","twitter_card":"summary_large_image","twitter_misc":{"Written by":"ESET Blog","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.eset.ee\/et\/en\/2020\/03\/09\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\/#article","isPartOf":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2020\/03\/09\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\/"},"author":{"name":"ESET Blog","@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88"},"headline":"Reexamining infamous Ryuk ransomware via ESET telemetry","datePublished":"2020-03-09T12:00:43+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2020\/03\/09\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\/"},"wordCount":839,"image":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2020\/03\/09\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2020\/03\/ryuk_1200x628.png","articleSection":["ransomware"],"inLanguage":"en-US","copyrightYear":"2020","copyrightHolder":{"@id":"https:\/\/blog.eset.ee\/et\/#organization"}},{"@type":"WebPage","@id":"https:\/\/blog.eset.ee\/et\/en\/2020\/03\/09\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\/","url":"https:\/\/blog.eset.ee\/et\/en\/2020\/03\/09\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\/","name":"Reexamining infamous Ryuk ransomware via ESET telemetry - ESET Eesti Blogi","isPartOf":{"@id":"https:\/\/blog.eset.ee\/et\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2020\/03\/09\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\/#primaryimage"},"image":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2020\/03\/09\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2020\/03\/ryuk_1200x628.png","datePublished":"2020-03-09T12:00:43+00:00","author":{"@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88"},"breadcrumb":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2020\/03\/09\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.eset.ee\/et\/en\/2020\/03\/09\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.eset.ee\/et\/en\/2020\/03\/09\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\/#primaryimage","url":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2020\/03\/ryuk_1200x628.png","contentUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2020\/03\/ryuk_1200x628.png","width":1200,"height":628},{"@type":"BreadcrumbList","@id":"https:\/\/blog.eset.ee\/et\/en\/2020\/03\/09\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.eset.ee\/et\/en\/"},{"@type":"ListItem","position":2,"name":"Reexamining infamous Ryuk ransomware via ESET telemetry"}]},{"@type":"WebSite","@id":"https:\/\/blog.eset.ee\/et\/en\/#website","url":"https:\/\/blog.eset.ee\/et\/en\/","name":"ESET Eesti Blogi","description":"Uudised IT maailmast","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.eset.ee\/et\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88","name":"ESET Blog","sameAs":["http:\/\/eset.ee"],"url":"https:\/\/blog.eset.ee\/et\/en\/author\/allankinsigo\/"},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.eset.ee\/et\/en\/2020\/03\/09\/reexamining-infamous-ryuk-ransomware-via-eset-telemetry\/#local-main-organization-logo","url":"","contentUrl":"","caption":"ESET EESTI"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/4542","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/comments?post=4542"}],"version-history":[{"count":0,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/4542\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media\/4545"}],"wp:attachment":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media?parent=4542"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/categories?post=4542"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/tags?post=4542"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}