
Trend Micro warns NZ & Australian firms about Crysis ransomware

20 Sep 2016

New Zealand and Australian businesses are being warned to watch out for Crysis ransomware, which is being delivered through Remote Desktop Protocol (RDP) attacks.

Jon Oliver, senior architect at Trend Micro, has covered the spread of the ransomware family, known as RANSOM_CRYSIS.A. It has been in circulation in the ANZ region since June this year, in a gap left by the exit of TeslaCrypt and in direct competition to the Locky ransomware.

Oliver says that Crysis is also spread through spam emails carrying trojanised attachments, or through links to compromised websites and to sites offering installers for legitimate programmes.

The company says that through monitoring it has been able to track how Crysis operators brute-force RDP credentials and then use the resulting session to deliver the ransomware to Windows hosts. Because an RDP session can redirect resources from the connecting machine, that access can extend to the client's local drives, printers, multimedia devices and even the Clipboard.

Oliver explains that RDP is an inbuilt feature of Windows that allows users to connect to other computers over a network connection. RDP endpoints left exposed to the internet have been targeted for attacks, information theft and botnet hosting.
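The brute-force activity described above leaves a trail in the Windows Security log: each failed logon is event 4625, and an RDP attempt carries logon type 10 (RemoteInteractive). The script below is an added example, not code from Trend Micro or the article, that flags any source IP with too many RDP logon failures inside a short window. The events array is constructed sample data so the script runs offline; the threshold, window and IP addresses are illustrative assumptions.

```powershell
# Added example: detect RDP brute forcing from Security event 4625 records.
# Logon type 10 = RemoteInteractive (RDP). Threshold and window are assumptions;
# tune them to the host's normal failure rate.
$Threshold     = 5     # failures from one source IP ...
$WindowMinutes = 10    # ... within this many minutes counts as brute forcing

# Constructed sample events (not real log data). The fields mirror what a real
# 4625 record provides: TimeCreated, TargetUserName, LogonType, IpAddress.
$events = @(
    [pscustomobject]@{ Time = [datetime]'2016-09-20T03:00:01'; User = 'administrator'; LogonType = 10; SourceIp = '203.0.113.10' }
    [pscustomobject]@{ Time = [datetime]'2016-09-20T03:00:09'; User = 'administrator'; LogonType = 10; SourceIp = '203.0.113.10' }
    [pscustomobject]@{ Time = [datetime]'2016-09-20T03:00:17'; User = 'admin';         LogonType = 10; SourceIp = '203.0.113.10' }
    [pscustomobject]@{ Time = [datetime]'2016-09-20T03:00:25'; User = 'admin';         LogonType = 10; SourceIp = '203.0.113.10' }
    [pscustomobject]@{ Time = [datetime]'2016-09-20T03:01:02'; User = 'backup';        LogonType = 10; SourceIp = '203.0.113.10' }
    [pscustomobject]@{ Time = [datetime]'2016-09-20T03:01:40'; User = 'backup';        LogonType = 10; SourceIp = '203.0.113.10' }
    [pscustomobject]@{ Time = [datetime]'2016-09-20T03:05:00'; User = 'jsmith';        LogonType =  3; SourceIp = '203.0.113.10' }  # SMB, not RDP
    [pscustomobject]@{ Time = [datetime]'2016-09-20T08:12:33'; User = 'jsmith';        LogonType = 10; SourceIp = '198.51.100.7' }  # a single typo
)

function Find-RdpBruteForce {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $Threshold = 5,
        [int] $WindowMinutes = 10
    )
    $Events |
        Where-Object { $_.LogonType -eq 10 } |
        Group-Object SourceIp |
        ForEach-Object {
            $ip     = $_.Name
            $sorted = @($_.Group | Sort-Object Time)
            # Sliding window: starting at each failure, count the failures that
            # follow it within $WindowMinutes. Report the source once, on the
            # first window that crosses the threshold.
            for ($i = 0; $i -lt $sorted.Count; $i++) {
                $start = $sorted[$i].Time
                $end   = $start.AddMinutes($WindowMinutes)
                $run   = @($sorted | Where-Object { $_.Time -ge $start -and $_.Time -le $end })
                if ($run.Count -ge $Threshold) {
                    [pscustomobject]@{
                        SourceIp = $ip
                        Failures = $run.Count
                        Accounts = (($run.User | Sort-Object -Unique) -join ',')
                        First    = $run[0].Time
                        Last     = $run[-1].Time
                    }
                    break
                }
            }
        }
}

# Expected on the sample data: one row for 203.0.113.10 with 6 failures across
# administrator, admin and backup; 198.51.100.7 is not reported.
Find-RdpBruteForce -Events $events -Threshold $Threshold -WindowMinutes $WindowMinutes |
    Format-Table -AutoSize

# On a live host (elevated session), feed real 4625 records into the same function:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-24) } |
#     ForEach-Object {
#         $x = [xml]$_.ToXml()
#         $d = @{}
#         $x.Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
#         [pscustomobject]@{ Time = $_.TimeCreated; User = $d.TargetUserName; LogonType = [int]$d.LogonType; SourceIp = $d.IpAddress }
#     } | Find-RdpBruteForce
```

Failed logons are only recorded if the Logon audit subcategory has failure auditing enabled; on a host where it is off, the function will find nothing even while a brute force is under way, so check `auditpol /get /subcategory:"Logon"` before trusting an empty result.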

Crysis can also scan and encrypt files on network shares and removable drives, so a single compromised host lets the operators extract far more value from one intrusion. An attacker who also gains administrator rights on the system can do further damage beyond encrypting data.

Oliver explains that attacks against Australian and New Zealand businesses have also targeted connected devices, such as printers and routers. Compromising these devices gives Crysis attackers a way back in, so they can retake control of a system repeatedly, even after the malware has been removed. Oliver says this is a key reason businesses should not pay ransom demands.

Trend Micro recommends:

  • Administrators close the RDP port where remote access is not needed, or move it to a non-standard port where it is (this cuts scanner noise but does not stop a targeted attacker on its own).
  • Updating and strengthening RDP credentials.
  • Using two-factor authentication.
  • Using secure wipes during cleanups, since attackers who keep a foothold can reinfect a partially cleaned system.
  • Keeping RDP client and server software up to date.
  • Keeping three copies of data on two different media, with one copy stored offline (the 3-2-1 backup rule).
  • Using multi-layered security to prevent and mitigate attacks.
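The host-side items in the list above (move the port, strengthen authentication, keep logging and lockout in place) can be applied on a single Windows machine with the script below. It is an added example, not Trend Micro's or the article's own guidance, and it assumes an elevated PowerShell session on a supported Windows version; the new port 33890 and the management subnet 10.0.0.0/24 are placeholders. Two-factor authentication and offline backups are not something a local script can provide and are left out.

```powershell
# Added example: RDP hardening on one Windows host. Run elevated.
# Assumptions (placeholders): the new listener port and the subnet allowed to reach it.
$NewRdpPort    = 33890
$AllowedSubnet = '10.0.0.0/24'

$tsRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$tsRoot\WinStations\RDP-Tcp"

# 1. Move the listener off 3389. This only reduces scanner noise; the remaining
#    steps are what actually limit credential guessing. The change takes effect
#    after the Remote Desktop service restarts (Restart-Service TermService -Force,
#    which drops live sessions) or after a reboot.
Set-ItemProperty -Path $rdpTcp -Name PortNumber -Value $NewRdpPort -Type DWord

# 2. Require Network Level Authentication so the client must authenticate before
#    a session is created, removing the pre-authentication attack surface.
Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1 -Type DWord

# 3. Firewall: disable the built-in 3389 rules and allow the new port only from
#    the management subnet. Exposing it to the whole internet would undo step 1.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Disable-NetFirewallRule
New-NetFirewallRule -DisplayName "RDP ($NewRdpPort) from management subnet" `
    -Direction Inbound -Protocol TCP -LocalPort $NewRdpPort `
    -RemoteAddress $AllowedSubnet -Action Allow -Profile Domain,Private

# 4. Slow down brute forcing: lock an account for 15 minutes after 5 failures
#    within 15 minutes. On a domain member the domain policy overrides this.
net accounts /lockoutthreshold:5 /lockoutduration:15 /lockoutwindow:15

# 5. Make sure failed logons (event 4625) are recorded so attempts are visible.
auditpol /set /subcategory:"Logon" /failure:enable

# 6. Show what is now configured.
Get-ItemProperty -Path $rdpTcp | Select-Object PortNumber, UserAuthentication
Get-NetFirewallRule -DisplayName "RDP ($NewRdpPort) from management subnet" |
    Select-Object DisplayName, Enabled, Direction, Action
```

Confirm the listener moved before closing the old path: from a management host, `Test-NetConnection -ComputerName <target> -Port 33890` should succeed and the same test against 3389 should fail. Keep one interactive session open while making the change so a mistake in step 3 does not lock you out.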