Ransomware
Ryuk
aka Wizard Spider ransomware
A targeted big-game-hunting ransomware deployed via TrickBot and Emotet against enterprises and hospitals, and a direct precursor to Conti.
Ryuk pioneered enterprise "big-game hunting" ransomware. From 2018 the Wizard Spider crew used it as the final payload in the Emotet → TrickBot → Ryuk chain, hand-deploying it after mapping a victim network to maximise damage and ransom.
Impact
Ryuk hit hospitals, local governments and large enterprises, demanding multimillion-dollar ransoms. A 2020 wave of attacks on US healthcare during the pandemic drew a joint CISA/FBI/HHS warning.
Lineage
Ryuk's operators evolved the operation into Conti around 2020. Campaign timelines are tracked on Cyber Breaches; an encryptor teardown lives on the Reverse Engineering Hub.
Defense
Treat TrickBot/Emotet detections as pre-ransomware emergencies; keep offline backups and segment networks.
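One way to apply the first rule in alert triage, as an added example that is not part of the original page: every detection of a family in the Emotet → TrickBot → Ryuk chain is escalated per host, even when the endpoint product logged it as low severity and already quarantined. The log format, host names and detection names are constructed for illustration.

```python
import re
from collections import defaultdict

# Chain stages named on the page: Emotet -> TrickBot -> Ryuk.
STAGES = [(1, "emotet", re.compile(r"emotet", re.I)),
          (2, "trickbot", re.compile(r"trickbot", re.I)),
          (3, "ryuk", re.compile(r"ryuk", re.I))]

# Constructed sample alerts (hypothetical key=value export format).
SAMPLE_ALERTS = """\
2020-10-01T08:02:11Z host=ws-014 detection=Trojan.Emotet.Gen action=quarantined severity=low
2020-10-01T09:40:52Z host=ws-014 detection=Trojan.TrickBot.B action=quarantined severity=medium
2020-10-01T10:05:00Z host=ws-201 detection=PUA.Toolbar.X action=quarantined severity=low
2020-10-01T11:17:30Z host=srv-fs1 detection=Trojan.TrickBot.B action=blocked severity=low
"""

LINE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) detection=(?P<det>\S+) "
                  r"action=(?P<action>\S+) severity=(?P<sev>\S+)$")

def classify(detection):
    """Return (stage, family) if the detection names a chain family, else None."""
    for stage, family, pattern in STAGES:
        if pattern.search(detection):
            return stage, family
    return None

def triage(log_text):
    """Group chain detections per host, deliberately ignoring vendor severity/action."""
    hosts = defaultdict(lambda: {"families": set(), "first_seen": None, "stage": 0})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        hit = classify(m["det"]) if m else None
        if hit is None:
            continue  # unparsable or unrelated alert: normal handling applies
        stage, family = hit
        h = hosts[m["host"]]
        h["families"].add(family)
        h["stage"] = max(h["stage"], stage)
        # ISO-8601 UTC timestamps in one format sort correctly as strings.
        h["first_seen"] = min(filter(None, [h["first_seen"], m["ts"]]))
    # Furthest chain stage first, then earliest sighting (longest dwell time).
    ranked = sorted(hosts.items(), key=lambda kv: (-kv[1]["stage"], kv[1]["first_seen"]))
    return [{"host": host, "priority": "critical", "families": sorted(h["families"]),
             "first_seen": h["first_seen"]} for host, h in ranked]

if __name__ == "__main__":
    for incident in triage(SAMPLE_ALERTS):
        print(incident)
```

A "quarantined" action closes the alert in the endpoint console but says nothing about whether the operators already have a foothold elsewhere, which is why the function ignores it.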