diff --git a/malware/RANSOM_Ryuk.yar b/malware/RANSOM_Ryuk.yar
new file mode 100644
index 00000000..3e34aaf3
--- /dev/null
+++ b/malware/RANSOM_Ryuk.yar
@@ -0,0 +1,14 @@
+import "pe"
+
+rule ryuk_malware
+{
+
+ meta:
+ description = "RYUUK Malware detector"
+
+ strings:
+ $readme = "RyukReadMe.html" wide ascii
+
+ condition:
+ (pe.is_pe or pe.is_dll()) and filesize < 400KB and $readme
+}
diff --git a/malware_index.yar b/malware_index.yar
index e45712ad..79a4b453 100644
--- a/malware_index.yar
+++ b/malware_index.yar
@@ -340,6 +340,7 @@ include "./malware/RANSOM_PetrWrap.yar"
 include "./malware/RANSOM_Petya.yar"
 include "./malware/RANSOM_Petya_MS17_010.yar"
 include "./malware/RANSOM_Pico.yar"
+include "./malware/RANSOM_Ryuk.yar"
 include "./malware/RANSOM_SamSam.yar"
 include "./malware/RANSOM_Satana.yar"
 include "./malware/RANSOM_Shiva.yar"
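Review bot: The condition of `rule ryuk_malware` fires on any PE under 400KB that merely contains the string "RyukReadMe.html", so decryptors, incident-response tooling and report documents that embed the ransom-note filename will match as well; a single note-name string is a weak indicator and the rule would be far more precise if it required at least one additional indicator taken from the actual sample alongside `$readme`. `pe.is_dll()` can only be true for a PE file, so `(pe.is_pe or pe.is_dll())` reduces to `pe.is_pe` and the condition can simply read `pe.is_pe and filesize < 400KB and $readme`. The meta block also has a typo in the description (`RYUUK`) and carries no author, date or reference entries, which the other rules in this index presumably include; suggest `description = "Ryuk ransomware detector"` plus author/date/reference fields so the rule's provenance can be checked. The second hunk only registers the new file in malware_index.yar and needs no change.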