While everybody was expecting Locky, CryptXXX, or Cerber, Crysis swoops in to steal the show from the headliners
Named Crysis, first versions of this ransomware were spotted online in mid-February. ESET claims that these were not some of the best they've seen, and the company's experts believe they might be able to crack their encryption system.
Unfortunately, they're not so confident when it comes to its latest versions, though, revealing that Crysis features a strong encryption mechanism that goes after local files, network shares, and even removable drives once it infects a target.
Crysis encrypts almost every file on your PC
Crysis doesn't bother targeting certain file extensions but encrypts every file it can get its hands on, except its own binaries and core Windows files. Even files without an extension won't escape.
Once the encryption process finishes, Crysis communicates to its C&C server, sends local computer details in order to identify the infected target, and tells it the number of files it encrypted.
At this point, the ransomware's operations are almost done, and all that's left to do is to drop a text file on the user's desktop named "How to decrypt your files.txt" and then change the user's desktop.
Read more:
Crysis Ransomware Appears Out of Thin Air to Take TeslaCrypt's Place
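For responders, the sequence described above (files are encrypted first, the note is dropped last) means the note's timestamp bounds the encryption window. The following triage sketch is an added example, not code from the article or from ESET; the `<profile>/Desktop` layout, the one-hour window, the function names and the sample tree are all assumptions constructed for illustration.

```python
import os
from pathlib import Path

NOTE_NAME = "how to decrypt your files.txt"  # note name given in the article, lowercased

def find_notes(users_root):
    """Return ransom notes found on any <profile>/Desktop under users_root."""
    hits = []
    for profile in sorted(Path(users_root).iterdir()):
        desktop = profile / "Desktop"
        if desktop.is_dir():
            hits += [p for p in sorted(desktop.iterdir())
                     if p.is_file() and p.name.lower() == NOTE_NAME]
    return hits

def files_touched_before(note, window_seconds=3600):
    """Files in the note's profile modified within window_seconds before the note."""
    cutoff = note.stat().st_mtime
    touched = []
    for dirpath, _dirs, names in os.walk(note.parent.parent):
        for name in names:
            path = Path(dirpath) / name
            try:
                mtime = path.stat().st_mtime
            except OSError:  # unreadable or vanished file: skip, keep scanning
                continue
            if path != note and cutoff - window_seconds <= mtime <= cutoff:
                touched.append(path)
    return sorted(touched)

def build_sample(root, t=1_460_000_000):
    """Constructed sample tree: 'alice' is affected, 'bob' is clean."""
    files = {
        "alice/Desktop/How to decrypt your files.txt": t,
        "alice/Documents/report": t - 60,        # no extension, changed just before note
        "alice/Documents/old.txt": t - 86_400,   # untouched for a day
        "bob/Desktop/notes.txt": t - 60,
    }
    for rel, mtime in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample")
        os.utime(path, (mtime, mtime))
    return Path(root)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for note in find_notes(build_sample(tmp)):
            print(note, [p.name for p in files_touched_before(note)])
```

Because the extension filter is absent on purpose, the extensionless `report` file is reported alongside any other recently modified file, matching the article's point that files without an extension are not spared.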