Trend Micro warns NZ & Australian firms about Crysis ransomware

20 Sep 16

New Zealand and Australian businesses are being warned to watch out for Crysis ransomware, which operates through remote desktop protocol (RDP) attacks.

Jon Oliver, senior architect at Trend Micro, has covered the spread of the ransomware family, known as RANSOM_CRYSIS.A. It has been in circulation in the ANZ region since June this year, filling a gap left by the exit of TeslaCrypt and competing directly with the Locky ransomware.

Oliver says that the Crysis ransomware is spread through spam emails using trojanised attachments, or through links to compromised websites and others that include installers for legitimate programmes.

The company says that through monitoring, it has been able to track how Crysis uses brute-forced RDP credentials and ransomware to infect Windows users through local drives, with access through printers, multimedia devices and even the Clipboard.

Oliver explains that RDP is an inbuilt feature of Windows that allows users to connect to others over a network connection. These open connections have been the targets of attacks, information theft and botnet hosting.

Crysis can also scan and encrypt files on network shares and removable drives, meaning that ransomware operators can make the most of the exploits for profit. Dedicated hackers can access the system by gaining administrator permission and cause more damage by encrypting data.

Oliver explains that attacks against Australian and New Zealand businesses have targeted connected devices, such as printers and routers. This method allows Crysis attackers to get access again and take control of a system multiple times, even after malware has been removed. Oliver says this is a key reason why businesses should not pay ransomware demands.

Trend Micro recommends:

  • Having administrators close the RDP port or change it to a non-standard port
  • Updating and strengthening RDP credentials
  • Using two-factor authentication
  • Using secure wipes during cleanups
  • Keeping RDP clients and server software up to date
  • Using the three-copy backup system for data: two different media formats, with one backup stored offline.
  • Using multi-layered security to prevent and mitigate attacks