The Ryuk ransomware has raked in $3.7 million in bitcoin payments since it first appeared last August. The malware s operator, Grim Spider, could be affiliated with Russian cybercrime rings, according to some. CrowdStrike analysis shows that Grim Spider is a sub-cell of a larger, Russia-based group called Wizard Spider, which is best known as spreading the TrickBot banking malware and carrying out wire fraud. Ryuk is a result of the custom development of an older commodity malware known as Hermes, believed to have been authored by North Korea’s Stardust Chollima (a.k.a. APT38)
Source: https://threatpost.com/ryuk-earnings-trickbot/140823/