Ryuk ransom note (Source: Coveware, Malwarebytes) Prolific Ryuk ransomware has a new trick up its sleeve. The developers behind the notorious strain of crypto-locking malware have given their attack code the ability to spread itself between systems inside an infected network. "A Ryuk sample with worm-like capabilities - allowing it to spread automatically within networks it infects - was discovered during an incident response handled by ANSSI in early 2021," according to a Ryuk report issued Thursday by CERT-FR, the French government's computer emergency readiness team that's part of the National Cybersecurity Agency of France, or ANSSI. Specifically, the worm-like behavior is achieved "through the use of scheduled tasks," via which "the malware propagates itself - machine to machine - within the Windows domain," CERT-FR says. "Once launched, it will thus spread itself on every reachable machine on which Windows RPC accesses are possible." Remote procedure calls are a mechanism for Windows processes to communicate with one another.