Historically, Ryuk has been considered a targeted ransomware that scopes out a target, gained access via Remote Desktop Services or other direct methods, stole credentials, and then targeted high profile data and servers to extort the highest ransom amount possible.
Ryuk has been a high profile ransomware due to its wide impact on the networks it infects, high ransom demands, and reports of having earned close to 3.7 million dollars. Just recently, Ryuk was used in an attack that affected the newspaper distribution for large publications such as Wall Street Journal, New York Times, and Los Angeles Times.
New research now indicates that the Ryuk actors may be renting other malware as an Access-as-a-Service to gain entrance to a network.
Source: Bleeping Computer