At least three organizations were hit with Ryuk infections over the course of the first two months of its operations, landing the attackers about $640,000 in ransom for their efforts. CrowdStrike analysis shows that Ryuk is a result of the custom development of an older commodity malware known as Hermes, believed to have been authored by North Koreas Stardust Chollima. Ryuk infection is spread as a secondary payload through botnets, such as TrickBot and Emotet. TrickBot will download and drop Ryuk ransomware on the system, assuming that the infected network is something the attackers want to ransom.”]
Source: https://gbhackers.com/trickbot-emotet-ryuk-ransomware/