SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
Malware
#
Ransomware
Trend Micro warns NZ & Australian firms about Crysis ransomware
Tue, 20th Sep 2016
FYI, this story is more than a year old
Author image
By Sara Barker, Copywriter and Senior News Editor
Follow us

New Zealand and Australian businesses are being warned to watch out for Crysis ransomware, which operates through remote desktop protocol (RDP) attacks.

Jon Oliver, senior architect at Trend Micro, has covered the spread of the ransomware family, known as RANSOM_CRYSIS.A. It has been in circulation in the ANZ region since June this year, in a gap left by the exit of TeslaCrypt and in direct competition to the Locky ransomware.

Oliver says that the Crysis ransomware is spread through spam emails using trojanised attachments, or through links to compromised websites and others that include installers to legitimate programmes.

The company says that through monitoring, it has been able to track how Crysis uses brute-force RDP credentials and ransomware to infect Windows users through local drives, and access through printers, multimedia devices and even the Clipboard.

Oliver explains that RDP is an inbuilt feature of Windows and allows users to connect to others over a network connections. These open connections have been the targets of attacks, information theft and botnet hosting.

Crysis can also scan and encrypt files on network shares and removable drives, meaning that ransomware operators can make the most of the exploits for profit. Dedicated hackers can access the system by gaining administrator permission and causing more damage by encrypting data.

Oliver explains that attacks against Australian and New Zealand businesses have targeted connected devices, such as printers and routers. This method allows Crysis attackers to get access again and take control of a system multiple times, even after malware has been removed. Oliver says this is a key reason why businesses should not pay ransomware demands.

Trend Micro recommends:

  • Administrators close or convert the RDP port to a non-standard port.
  • Updating and strengthening RDP credentials
  • Using two-factor authentication
  • Using secure wipes during cleanups
  • Keeping RDP clients and server software up to date
  • Using the three-copy backup system for data: two different media formats, with one backup stored offline.
  • Using multi-layered security to prevent and mitigate attacks
Related stories
Smarttech247 & SentinelOne launch AI-powered cybersecurity for SMEs
GitHub's 2FA initiative helps secure software supply chain
Jason Haddix joins Flare as Field Chief Information Security Officer
AI tools linked to data exposure in 1 in 5 UK organisations
Trend Micro introduces AI-driven cyber risk management features
Top stories
Australian businesses fast-track Microsoft cloud adoption amid cyber threats
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity