Researchers at the company said that while the capabilities of Ryuk were not overly impressive, the organisations that had been affected had paid out large sums as ransoms.
The ransom amount demanded ranged from 15 bitcoin to 50 bitcoin and the attackers had already made about US$640,000, Check Point said.
The source code of Ryuk had some similarities to an older ransomware strain, known as HERMES, with the latter linked to a North Korean group known as the Lazarus Group.
Check Point said one distinguishing feature of Ryuk was that it was not distributed through big spam campaigns, but rather appeared to be intentionally built for small, targeted operations.
"This, of course, means extensive network mapping, hacking and credential collection is required and takes place prior to each operation," Check Point said.
"Its alleged attribution to Lazarus Group... may imply that the attackers are already well experienced in the targeted attacks domain, as seen by attacks such as the breach of Sony Pictures in 2014."
The ransom note that accompanied Ryuk had two versions: one, a long well-worded note and the second a more abrupt missive.
Check Point has a detailed, technical analysis of Ryuk here, where it compares the ransomware to HERMES.