Ryuk Ransomware

Quick facts

How Ryuk ransomware works

File encryption patterns

Ryuk modifies encrypted files using specific patterns to mark them as encrypted:

Ransom note and payment demands

After encrypting files, Ryuk displays ransom notes demanding payment for file recovery:

notes/README.PLEASE.txt

notes/RyukReadMe.txt

notes/ReadMe.txt

notes/RyukReadMe.html

Technical indicators

Associated executable files

The following executable files are associated with Ryuk ransomware:

• ryuk.exe
• myfile.exe
• eqBNr.exe
• fivjf.exe
• file000_yguts.exe
• hxmzl.exe
• file000_hxmzl.exe
• Ryuk.bin
• zzzavxu.exe
• tmp.exe
• forgottenruins
• Forg.EXE
• TlMMhwH.exe
• 429456.exe
• QVA1.exe
• R1.EXE
• r.exe
• v19V.exe
• c.exe
• LithuanianicMercy.exe
• mal032.exe
• MtXtS.exe
• qKYRXvh.exe
• StyleDlgDemo.exe
• V1.exe
• YwVkXop.exe
• BwNXFKD.exe
• mscgpho.exe
• payload.exe
• 15304-SAoAg.exe
• SplashMfcDialog.EXE
• v2.exe
• YFYIFLj.exe
• zFIcQUZ.exe
• hhCMh.exe
• TymKYtO.exe
• HEzRYge.exe
• V2.EXE
• PortletReferencing
• fx2-141_1.exe
• eNkWieXdclan.exe
• uNuCa.exe
• DHrQU.exe
• he president's Republican Party has tried to resist calls for witnesses to testif
• US media outlets reported on Tuesday
• sBgovWhZhlan.exe
• CreateCheckboxImageListTest.exe
• SehKD.exe
• EcEEe.exe
• vV.exe
• System Manager.exe
• YeSVw.exe
• aHSIi.exe
• AnEkc.exe
• qKxYF.exe
• xxx.exe
• me.exe

About this analysis

This Ryuk ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery, helping organizations defend against and recover from ransomware attacks like Ryuk.

Last updated: December 30, 2025

Recent ransomware

Explore other threats in our database