A New Type of Ransomware is on the Rise

Since the unexpected demise of TeslaCrypt, security researchers have been on the lookout for high-profile ransomware types to make the most out of the situation.

However, ESET’s researchers found out that a lesser-known type of ransomware has been on the rise. Crysis, a fairly new type of ransomware, has been on the upswing as of late.

Crysis includes a host of malicious traits, and it is being said that it has become more prevalent than the Locky ransomware type. It has the power to encrypt all types of files on a computer, even those without extensions.

“Most ransomware families are encrypting files with specific extensions, so this behavior is unusual,” reported Ondrej Kubovic, EMEA’s security specialists.

He added that a number of executables files get encrypted, something not common especially among the more infamous of ransomware families. This could lead to the infected device becoming more unsteady.

Crysis is starting to become more prevalent than the Locky ransomware strain.

Researchers also found that Crysis also has the ability to get administrator access on some Windows computers, allowing the ransomware to access and encrypt even more of the computer’s data.

According to the ESET report, victims are usually asked to pay in the range of 400-900 euros in Bitcoins. The ransom details are usually saved in a text file saved on the infected device’s desktop.

The first known Crysis case was in February 2016, and they are commonly packaged in spam emails that utilise double file extensions that allow executable files look like non-executable ones.

The ESET report also said that the ransomware authors disguise “malicious files as harmless-looking installers” for several legitimate programs which are spread through online settings and common networks.

Kubovic also added that they have seen the malware hidden in common programs such as Microsoft Excel, WinRar, etc.

Crysis not only encrypts a computer’s data but can also gather the victim’s computer name and several files, sending them to a remote server after. Kubovice also said, “By setting the registry entries, Crysis gains a stronger foothold in the system, making itself more difficult to remove.”

Comprehensive multi-device protection for you and your family for up to 6 PCs, Macs, Android, and iOS devices. For more info click here.

Share on social media: