Malware News Crysis Ransomware Appears Out of Thin Air to Take TeslaCrypt's Place

Jack

While everybody was expecting Locky, CryptXXX, or Cerber, Crysis swoops in to steal the show from the headliners

Named Crysis, first versions of this ransomware were spotted online in mid-February. ESET claims that these were not some of the best they've seen, and the company's experts believe they might be able to crack their encryption system.

Unfortunately, they're not so confident when it comes to its latest versions, though, revealing that Crysis features a strong encryption mechanism that goes after local files, network shares, and even removable drives once it infects a target.

Crysis encrypts almost every file on your PC
Crysis doesn't bother targeting certain file extensions but encrypts every file it can get its hands on, except its own binaries and core Windows files. Even files without an extension won't escape.

Once the encryption process finishes, Crysis communicates to its C&C server, sends local computer details in order to identify the infected target, and tells it the number of files it encrypted.

At this point, the ransomware's operations are almost done, and all that's left to do is to drop a text file on the user's desktop named "How to decrypt your files.txt" and then change the user's desktop.

Read more:
Crysis Ransomware Appears Out of Thin Air to Take TeslaCrypt's Place
 

DardiM

...
Crysis encrypts almost every file on your PC

Crysis doesn't bother targeting certain file extensions but encrypts every file it can get its hands on, except its own binaries and core Windows files. Even files without an extension won't escape.
...
But where will they stop with their ransomware? :eek:

It seems it already tried to attack MalwareTips:
Crysis says Hi :p

Thanks for the article :)
 

jamescv7

Considering that it will make your computer unbootable due to encrypting Windows core files, then the risk of destruction is obvious.

It's a matter of taste on medicine where side effects really vary.
 