A new malware containing some similarities to Ryuk ransomware, but which acts as an information stealer targeting military, law and financial institutions has been uncovered by MalwareHunterTeam.

Once onboard a device the as-yet-unnamed malware begins its attack begins searching for .docx and .xlsx files, according to Bleeping Computer. In a fashion similar to how ransomware operates, this malware has a blacklist of terms that it checks against and if any are contained in file it is skipped, including some associated with Ryuk, such as RyukReadMe.txt or anything with a .ryk extension. There are also some shared code similarities.

The malware also checks against a list of 77 strings containing words primarily associated with its three targets. MalwareHunterTeam also found the malware searching for popular children’s names, but it is not known why this is done.