
Crysis Ransomware Appears Out of Thin Air to Take TeslaCrypt's Place

Discussion in 'General Malware And Security' started by starbuck, Jun 10, 2016.

    While everybody was expecting Locky, CryptXXX, or Cerber, Crysis swoops in to steal the show from the headliners


    Three weeks after ESET announced that the infamous TeslaCrypt ransomware was shutting down operations, the Slovakian security firm is now reporting on the ransomware that's taken TeslaCrypt's place.

    Named Crysis, the first versions of this ransomware were spotted online in mid-February.
    ESET claims that these first versions were not some of the best they've seen, and the company's experts believe they might be able to crack their encryption system.

    Unfortunately, they're not so confident when it comes to its latest versions, revealing that Crysis features a strong encryption mechanism that goes after local files, network shares, and even removable drives once it infects a target.

    Crysis encrypts almost every file on your PC

    Crysis doesn't bother targeting certain file extensions but encrypts every file it can get its hands on, except its own binaries and core Windows files.
    Even files without an extension won't escape.

    Once the encryption process finishes, Crysis communicates to its C&C server, sends local computer details in order to identify the infected target, and tells it the number of files it encrypted.

    At this point, the ransomware's operations are almost done, and all that's left to do is to drop a text file on the user's desktop named "How to decrypt your files.txt" and then change the user's desktop.

    Victims have to email the ransomware's operators

    A sign of its short lifespan can be observed in how victims pay to recover their files.
    While most ransomware families have a "decryption website" on the Dark Web, Crysis' authors didn't have time to set one up.

    Instead, they use two email addresses found in the text file and the image used as the desktop wallpaper.
    Users are encouraged to send an email to these two addresses in order to recover their files.

    ESET reports that the payment fee varies between €400 and €900 ($450 and $1,000).
    Of course, payment is handled via Bitcoin, to a wallet address each victim receives in the email reply.

    Currently, ESET thinks that Crysis might be "The One," the ransomware that takes TeslaCrypt's place, already reporting seeing Crysis lay "claim to parts of its [TeslaCrypt's] territory."

    [Image: The Crysis ransomware desktop wallpaper]



    Source:
    http://news.softpedia.com/news/crys...n-air-to-take-teslacrypt-s-place-505082.shtml
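The article gives two concrete things a responder can look for on a suspect machine: the ransom note "How to decrypt your files.txt", and the fact that encryption is applied by content rather than by extension, so extension-less files are hit too. The triage script below is an added example written for this thread; it is not ESET's tooling or anything from the Softpedia article. It walks a directory tree, reports ransom notes by name, and flags files whose content looks encrypted by estimating Shannon entropy, ignoring extensions entirely. The 7.5 bits/byte threshold, the 256-byte minimum size, the 64 KiB sampling window, and the sample "victim" tree it builds in a temp directory are all assumptions made for the example.

```python
import math
import os
import random
import tempfile
from collections import Counter

# File name the article reports Crysis drops on the victim's desktop.
RANSOM_NOTE = "How to decrypt your files.txt"

# Assumed cut-off: ciphertext and random data sit close to 8 bits/byte,
# while most documents and source files stay well below 6. Compressed
# formats (zip, jpg, mp4) also score high, so treat hits as leads, not proof.
ENTROPY_THRESHOLD = 7.5
MIN_SIZE = 256          # assumption: fewer bytes give a meaningless estimate
SAMPLE_BYTES = 65536    # assumption: only the first 64 KiB is examined


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def triage(root: str, threshold: float = ENTROPY_THRESHOLD) -> dict:
    """Walk `root`; return ransom-note paths and (path, entropy) for suspect files.

    Decisions are made on content, never on extension, because the article
    notes that Crysis encrypts extension-less files as well.
    """
    notes, suspicious = [], []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name == RANSOM_NOTE:
                notes.append(path)
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(SAMPLE_BYTES)
            except OSError:
                continue            # locked or unreadable file: skip, don't abort
            if len(head) < MIN_SIZE:
                continue
            ent = shannon_entropy(head)
            if ent >= threshold:
                suspicious.append((path, round(ent, 2)))
    return {"notes": sorted(notes), "suspicious": sorted(suspicious)}


def build_sample_tree() -> str:
    """Constructed sample profile (not real victim data) in a temp directory."""
    root = tempfile.mkdtemp(prefix="crysis_triage_")
    desktop = os.path.join(root, "Desktop")
    docs = os.path.join(root, "Documents")
    os.makedirs(desktop)
    os.makedirs(docs)
    with open(os.path.join(desktop, RANSOM_NOTE), "w") as fh:
        fh.write("placeholder ransom note text\n")
    with open(os.path.join(docs, "notes.txt"), "w") as fh:
        fh.write("quarterly figures, meeting notes, todo list\n" * 50)
    # Deterministic pseudo-random bytes stand in for ciphertext; no extension.
    rng = random.Random(20160610)
    with open(os.path.join(docs, "budget"), "wb") as fh:
        fh.write(bytes(rng.getrandbits(8) for _ in range(4096)))
    with open(os.path.join(docs, "tiny.cfg"), "w") as fh:
        fh.write("x=1\n")           # below MIN_SIZE, ignored by triage()
    return root


if __name__ == "__main__":
    result = triage(build_sample_tree())
    for p in result["notes"]:
        print("ransom note:", p)
    for p, e in result["suspicious"]:
        print(f"high entropy ({e} bits/byte):", p)
```

Run it against a mounted image or a user profile root instead of the sample tree to get a first list of what was encrypted. Because archives and media files also score near 8 bits/byte, the entropy hits are only useful in combination with the ransom-note match and a comparison against a known-good backup; the note's presence is the high-confidence indicator, the entropy list is the scope estimate.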
     
