Live Latest activity →
RY

ryuk

Known ransomware group
Established actor

Ryuk was a highly targeted ransomware strain operated by the Russian-speaking WIZARD SPIDER group, often deployed as the final stage of TrickBot and Emotet infections. Active primarily from 2018 to 2020, it focused on big-game hunting against enterprises and hospitals before its operators evolved into Conti.

7

Total Claims

0

Critical

Records Claimed

2

Industries Hit

Active span: Oct 4, 2018 – May 4, 2019 · 7 organizations targeted

Established actor
Activity 5.6 Severity 2.5 Sectors 3.7 Tooling 0.0

Actor Threat Profile

Activity Timeline

Peak: Mar 2019 (2)
Oct 2018
LessMore
May 2019

Share this profile

Shareable intel card for ryuk

Top Targeted Industries

Public Sector 6
Manufacturing 1

Targeted Organizations

Committee for Public CounselJackson County, GeorgiaOnslow County Water and SewerCity of CartersvilleImperial CountyMitsubishi Canada AerospaceStuart City

Claims by ryuk

Low

Ransomware Claim: Committee for Public Counsel

Committee for Public Counsel
ryuk
Ransomware Public Sector
Apr 30, 2026
Low

Ransomware Claim: Jackson County, Georgia

Jackson County, Georgia
ryuk
Ransomware Public Sector
Apr 30, 2026
Low

Ransomware Claim: Onslow County Water and Sewer

Onslow County Water and Sewer
ryuk
Ransomware Public Sector
Apr 30, 2026
Low

Ransomware Claim: City of Cartersville

City of Cartersville
ryuk
Ransomware Public Sector
Apr 29, 2026
Low

Ransomware Claim: Imperial County

Imperial County
ryuk
Ransomware Public Sector
Apr 29, 2026
Low

Ransomware Claim: Mitsubishi Canada Aerospace

Mitsubishi Canada Aerospace
ryuk
Ransomware Manufacturing
Apr 29, 2026
Low

Ransomware Claim: Stuart City

Stuart City
ryuk
Ransomware Public Sector
Apr 29, 2026

Never Miss a Critical Alert

CVE advisories, breach reports, and threat intel — delivered daily to your inbox.