Crysis Ransomware Appears Out of Thin Air to Take the Place of TeslaCrypt


ESET created a TeslaCrypt decryptor enabling victims of the ransomware to get their files back. More than 32,000 users across the world have already taken advantage of this opportunity and downloaded the tool. Although TeslaCrypt has left its territory, ransomware families have not lost their appeal for cybercriminals. Waves of JS/Danger.ScriptAttachment and JS/TrojanDownloader.Nemucod are not ceasing, and they keep trying to download many variants of Locky, which are affecting Irish users as well; even so, it looks as though only Crysis is in a position to claim TeslaCrypt's turf.

Unfortunately, researchers are not so confident when it comes to its latest versions, which reveal that Crysis contains a strong encryption mechanism that goes after local files, network shares, and even removable drives when it infects a target.

Various approaches to spreading the malware have been observed during the research. In most cases, Crysis ransomware files were distributed as attachments to spam e-mails using double file extensions. With this simple and effective technique, executable files appear to be non-executable.
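As an added illustration of the double-extension trick described above (this is example code, not from the original article or from ESET), the following Python routine triages attachment filenames the way a mail gateway or SOC script might: it flags names whose real (last) extension launches code on Windows while the extension shown before it looks like a document. The extension lists and sample filenames are constructed assumptions, not indicators taken from the page.

```python
import re
from typing import List, NamedTuple

# Extensions that execute when opened on Windows (assumed list for this example).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta"}
# Extensions a decoy typically shows in front of the real one (assumed list).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt", "zip"}


class Verdict(NamedTuple):
    name: str
    suspicious: bool
    reason: str


def classify_attachment(name: str) -> Verdict:
    """Classify one attachment filename.

    Windows Explorer hides known extensions by default, so 'invoice.pdf.exe'
    is displayed as 'invoice.pdf'. Some senders also pad the name with spaces
    so the real extension scrolls out of view; whitespace is collapsed first
    so that padding does not defeat the check.
    """
    normalised = re.sub(r"\s+", "", name).lower()
    parts = normalised.split(".")
    if len(parts) < 2:
        return Verdict(name, False, "no extension")
    last = parts[-1]
    if last not in EXECUTABLE_EXTS:
        return Verdict(name, False, "non-executable extension")
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return Verdict(name, True, "double extension")
    return Verdict(name, True, "executable attachment")


def triage(names: List[str]) -> List[Verdict]:
    """Classify a batch of attachment names and return only the suspicious ones."""
    return [v for v in (classify_attachment(n) for n in names) if v.suspicious]


# Constructed sample attachment names (not real campaign data).
SAMPLE_ATTACHMENTS = [
    "invoice_2016.pdf.exe",
    "photo.jpg.scr",
    "report.docx",
    "order.pdf                           .exe",
    "setup.exe",
    "notes.txt",
]

if __name__ == "__main__":
    for verdict in triage(SAMPLE_ATTACHMENTS):
        print(f"{verdict.name!r}: {verdict.reason}")
```

In production the same check would sit in the mail filter or an attachment-scanning rule, and the decision would normally be to quarantine rather than merely log; a policy that blocks executable attachments outright makes the double-extension variant moot, which is why it is the usual recommendation.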

Informationsecuritybuzz.com posted on 9th June, 2016 that attackers also use another vector: malicious files disguised as harmless installers for various legitimate applications, which they have been spreading through various online locations and shared networks.

Instead, the attackers rely on two email addresses, given in the text file and in the desktop wallpaper image, and urge users to write to these two addresses to recover their files.

After completing its malicious work, a text file called How to decrypt your files.txt is dropped into the Desktop folder, accompanied in some cases by a DECRYPT.jpg picture.
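The dropped note names above are the kind of post-infection artefact a responder can sweep for across a file share or a mounted disk image. The following Python example is added here and is not code from the original article or from ESET; it walks a directory tree looking for those two filenames (case-insensitively) and also builds a constructed demo tree so it can be run offline. The demo paths and file contents are assumptions made for the example.

```python
import os
import tempfile
from pathlib import Path
from typing import List

# Note filenames named in the article; compared case-insensitively.
RANSOM_NOTE_NAMES = {"how to decrypt your files.txt", "decrypt.jpg"}


def find_ransom_notes(root: str) -> List[str]:
    """Return sorted full paths of every file under `root` whose name matches
    one of the ransom note names. Directories are not followed through
    symlinks, which avoids loops on a mounted image."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for filename in files:
            if filename.lower() in RANSOM_NOTE_NAMES:
                hits.append(os.path.join(dirpath, filename))
    return sorted(hits)


def affected_directories(hits: List[str]) -> List[str]:
    """Collapse note hits to the distinct directories they were dropped in,
    which is the unit a responder would isolate or restore."""
    return sorted({os.path.dirname(h) for h in hits})


def build_demo_tree() -> str:
    """Create a constructed sample tree resembling a user profile with the
    two notes on the Desktop and an untouched Documents folder."""
    root = tempfile.mkdtemp(prefix="crysis_demo_")
    desktop = Path(root) / "Users" / "alice" / "Desktop"
    documents = Path(root) / "Users" / "alice" / "Documents"
    desktop.mkdir(parents=True)
    documents.mkdir(parents=True)
    (desktop / "How to decrypt your files.txt").write_text("constructed sample note\n")
    (desktop / "DECRYPT.jpg").write_bytes(b"\xff\xd8constructed sample image")
    (documents / "notes.txt").write_text("harmless file\n")
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    found = find_ransom_notes(demo_root)
    for path in found:
        print("ransom note:", path)
    print("affected directories:", affected_directories(found))
```

Run against a real share, the hit list doubles as a scoping aid: every directory holding a note is one the malware reached and wrote to, so the restore job and the share-permission review can be prioritised from it.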

ESET reveals that the ransom ranges from 400 to 900 euros ($450 to $1,000). Obviously, the payment is made in Bitcoin to a wallet address provided in the reply email received by each victim.

However, victims infected with older versions of Win32/Filecoder.Crysis have a good chance of recovering their files without paying the attackers. Files encrypted with older versions might be recovered with the help of ESET technical support.

Presently, ESET thinks that Crysis may be the ransomware that takes the place of TeslaCrypt, and it is already reporting that Crysis is claiming parts of TeslaCrypt's territory.

» SPAMfighter News - 6/16/2016
