Trend Micro warns NZ & Australian firms about Crysis ransomware

20 Sep 2016

New Zealand and Australian businesses are being warned to watch out for Crysis ransomware, which operates through remote desktop protocol (RDP) attacks.

Jon Oliver, senior architect at Trend Micro, has covered the spread of the ransomware family, known as RANSOM_CRYSIS.A. It has been in circulation in the ANZ region since June this year, in a gap left by the exit of TeslaCrypt and in direct competition to the Locky ransomware.

Oliver says that the Crysis ransomware is spread through spam emails carrying trojanised attachments, or through links to compromised websites and to other sites that host installers for legitimate programmes.

Through its monitoring, the company says it has been able to track how Crysis operators brute-force RDP credentials to get onto Windows machines; once inside, the ransomware encrypts local drives and can also reach printers, multimedia devices and even the Clipboard.

Oliver explains that RDP is an inbuilt feature of Windows that allows users to connect to other machines over a network connection. RDP endpoints left open to the internet have been the targets of attacks, information theft and botnet hosting.

Crysis can also scan and encrypt files on network shares and removable drives, meaning that ransomware operators can extract the maximum profit from each intrusion. Determined attackers who gain administrator permissions on the system can cause further damage by encrypting still more data.

Oliver explains that attacks against Australian and New Zealand businesses have targeted connected devices, such as printers and routers. This method allows Crysis attackers to regain access and take control of a system repeatedly, even after the malware has been removed. Oliver says this is a key reason why businesses should not pay ransomware demands.
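The brute-force RDP activity described above leaves a recognisable trail in the Windows Security log: a burst of failed logons (event 4625) from one source address, often followed by a successful logon (4624) once a password is guessed. The following is an added example, not code from the article or from Trend Micro, showing how a defender can flag that pattern in exported event records. It assumes events have already been parsed into dicts with the field names shown (TimeCreated, EventID, LogonType, IpAddress, TargetUserName); the sample records are constructed for the example. Logon type 10 is RemoteInteractive (RDP); when Network Level Authentication is enabled, failed RDP attempts are recorded with logon type 3 instead, so both are considered.

```python
"""Flag RDP brute-force bursts in Windows Security event records.

Added example (not the article's or Trend Micro's code). Assumes events
have already been parsed into dicts, e.g. from a SIEM or PowerShell export.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# 10 = RemoteInteractive (RDP). With NLA enabled, failed RDP logons are
# logged with type 3 (Network), so that is accepted too.
RDP_LOGON_TYPES = {10, 3}

# Constructed sample records: one host hammering RDP, then getting in;
# a second host with two typos; an unrelated local (type 2) logon.
SAMPLE_EVENTS = [
    {"TimeCreated": "2016-09-20 12:00:00", "EventID": 4625, "LogonType": 10, "IpAddress": "10.0.0.5", "TargetUserName": "admin"},
    {"TimeCreated": "2016-09-20 12:00:10", "EventID": 4625, "LogonType": 10, "IpAddress": "10.0.0.5", "TargetUserName": "admin"},
    {"TimeCreated": "2016-09-20 12:00:20", "EventID": 4625, "LogonType": 10, "IpAddress": "10.0.0.5", "TargetUserName": "admin"},
    {"TimeCreated": "2016-09-20 12:00:30", "EventID": 4625, "LogonType": 10, "IpAddress": "10.0.0.5", "TargetUserName": "administrator"},
    {"TimeCreated": "2016-09-20 12:00:40", "EventID": 4625, "LogonType": 10, "IpAddress": "10.0.0.5", "TargetUserName": "administrator"},
    {"TimeCreated": "2016-09-20 12:00:50", "EventID": 4625, "LogonType": 10, "IpAddress": "10.0.0.5", "TargetUserName": "administrator"},
    {"TimeCreated": "2016-09-20 12:01:05", "EventID": 4624, "LogonType": 10, "IpAddress": "10.0.0.5", "TargetUserName": "administrator"},
    {"TimeCreated": "2016-09-20 12:03:00", "EventID": 4625, "LogonType": 10, "IpAddress": "192.168.1.20", "TargetUserName": "jsmith"},
    {"TimeCreated": "2016-09-20 12:03:30", "EventID": 4625, "LogonType": 10, "IpAddress": "192.168.1.20", "TargetUserName": "jsmith"},
    {"TimeCreated": "2016-09-20 12:04:00", "EventID": 4624, "LogonType": 10, "IpAddress": "192.168.1.20", "TargetUserName": "jsmith"},
    {"TimeCreated": "2016-09-20 12:05:00", "EventID": 4624, "LogonType": 2, "IpAddress": "-", "TargetUserName": "svc-backup"},
]


def _ts(ev):
    return datetime.strptime(ev["TimeCreated"], "%Y-%m-%d %H:%M:%S")


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source address that produced `threshold` or more
    failed RDP logons inside a sliding `window`. Each alert records the
    accounts tried and whether a successful RDP logon followed the burst."""
    by_source = defaultdict(list)
    for ev in events:
        if ev["EventID"] in (4624, 4625) and ev["LogonType"] in RDP_LOGON_TYPES:
            by_source[ev["IpAddress"]].append(ev)

    alerts = []
    for source, evs in by_source.items():
        evs.sort(key=_ts)
        recent_failures = []   # timestamps of failures inside the window
        accounts = set()
        alert = None
        for ev in evs:
            t = _ts(ev)
            if ev["EventID"] == 4625:
                accounts.add(ev["TargetUserName"])
                recent_failures.append(t)
                # drop failures that have aged out of the sliding window
                while recent_failures and t - recent_failures[0] > window:
                    recent_failures.pop(0)
                if alert is not None:
                    alert["failures"] += 1
                elif len(recent_failures) >= threshold:
                    alert = {
                        "source": source,
                        "failures": len(recent_failures),
                        "first_failure": recent_failures[0].isoformat(sep=" "),
                        "accounts": accounts,          # finalised below
                        "success_after": False,
                        "compromised_account": None,
                    }
                    alerts.append(alert)
            elif alert is not None:
                # a successful RDP logon after the burst: likely guessed password
                alert["success_after"] = True
                alert["compromised_account"] = ev["TargetUserName"]
        if alert is not None:
            alert["accounts"] = sorted(accounts)
    return alerts


if __name__ == "__main__":
    for a in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(f"{a['source']}: {a['failures']} failed RDP logons since {a['first_failure']}, "
              f"accounts {a['accounts']}, success after burst: {a['success_after']}")
```

In production the threshold and window would be tuned to the environment, and an alert with `success_after` set should be treated as a probable compromise rather than mere noise: the source address, the account, and any subsequent activity from that session are what the incident response should pivot on.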

Trend Micro recommends:

  • Closing the RDP port, or moving RDP to a non-standard port.
  • Updating and strengthening RDP credentials.
  • Using two-factor authentication.
  • Using secure wipes during cleanups.
  • Keeping RDP client and server software up to date.
  • Keeping three copies of data on two different media formats, with one backup stored offline.
  • Using multi-layered security to prevent and mitigate attacks.