Remote Attacks Cause CrySiS Ransomware Infections

Hackers are using brute-force remote desktop attacks over the RDP protocol to infect compromised hosts with the CrySiS ransomware.

CrySiS Ransomware Once Again Is A Danger To Look Out For


Computer criminals continue to attempt dangerous ransomware attacks. The latest reports we received from the security community show that a hacker collective is carrying out brute force attacks with the goal of infecting its targets with the CrySiS ransomware. The last major campaign that carried this malware was detected in September last year. The volume of CrySiS ransomware attacks has doubled since then.

Read our in-depth removal guide to learn more about the CrySiS ransomware

The security experts state that most of the attacks are targeted against healthcare institutions located in the United States of America, as well as other critical and high-profile sectors. They believe that the same hacker collective responsible for the prior attack campaign is operating the attacks. The attackers initiate remote desktop connections and employ brute force attacks to try to infect the target hosts.

The interesting thing about the CrySiS campaigns is that they use two methods of payload delivery: either connecting to network shares via the RDP protocol or using the clipboard function. Both of these techniques expose the local resources of the attackers to the remote host. The brute force software uses a dictionary attack which attempts various default and often-used username and password combinations. By default, these RDP features are enabled, so system administrators need to disable them to defend their systems from incoming attacks.

This particular campaign has been labeled as dangerous because of its efficiency – various tests have shown that its infection frequency is about 6 virus samples within a 10-minute period. This means that when launched, the virus can spread to one host per minute at the devised strength. If the network attack were to grow, for example with the use of a large botnet, and the target list were expanded to include more hosts, then we could see a massive global infection of ransomware samples.

According to the security analysis, the hacker collective responsible for the attack had multiple file variants which were used simultaneously.


How To Defend Against The CrySiS Ransomware Attacks

Computer administrators can mitigate some of the attacks by following a few security recommendations:

  • Network analysis can show malicious attacks. Newer versions of the Windows operating system feature the Windows Event Viewer, which shows detailed OS logs of Remote Desktop connections.

  • Potential risks can be reduced by adopting a stronger security policy. Access to shared drives and the clipboard can be disabled. This can prevent file transfers over the RDP protocol.

  • The use of a quality anti-spyware utility can remove active infections and keep all hosts protected at all times.
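
The log review in the first recommendation can be automated. The following is an added example, not part of the original article: it scans logon records exported from the Windows Security log for the dictionary-attack pattern described above (many failed logons from one source across several usernames) and notes any success that follows. The sample records, the function name and the thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs), shaped like fields exported from
# the Windows Security log: (time, EventID, LogonType, TargetUserName, IpAddress).
# 4625 = failed logon, 4624 = successful logon. LogonType 10 = RemoteInteractive
# (RDP); failed RDP logons show up as type 3 when Network Level Authentication is on.
SAMPLE_EVENTS = [
    ("2017-02-10T03:00:01", 4625, 3, "administrator", "203.0.113.7"),
    ("2017-02-10T03:00:09", 4625, 3, "admin", "203.0.113.7"),
    ("2017-02-10T03:00:17", 4625, 3, "user", "203.0.113.7"),
    ("2017-02-10T03:00:25", 4625, 3, "test", "203.0.113.7"),
    ("2017-02-10T03:00:33", 4625, 3, "administrator", "203.0.113.7"),
    ("2017-02-10T03:00:41", 4625, 3, "admin", "203.0.113.7"),
    ("2017-02-10T03:00:49", 4624, 10, "admin", "203.0.113.7"),
    ("2017-02-10T08:58:10", 4625, 10, "jsmith", "198.51.100.20"),  # one typo
    ("2017-02-10T08:58:30", 4624, 10, "jsmith", "198.51.100.20"),
]
RDP_LOGON_TYPES = {3, 10}  # type 3 also covers other network logons (e.g. SMB)


def find_rdp_bruteforce(events, window=timedelta(minutes=10),
                        min_failures=5, min_users=3):
    """Flag source IPs whose failed logons look like a dictionary attack."""
    recent = defaultdict(deque)  # ip -> (time, user) failures inside the window
    findings = {}
    for ts, event_id, logon_type, user, ip in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        fails = recent[ip]
        while fails and when - fails[0][0] > window:
            fails.popleft()  # forget failures older than the window
        if event_id == 4625:
            fails.append((when, user))
            users = {u for _, u in fails}
            if len(fails) >= min_failures and len(users) >= min_users:
                hit = findings.setdefault(
                    ip, {"ip": ip, "failures": 0, "users": set(), "compromised": None})
                hit["failures"] = max(hit["failures"], len(fails))
                hit["users"] |= users
        elif event_id == 4624 and ip in findings and fails:
            # A success right after a flagged burst: treat the account as breached.
            if findings[ip]["compromised"] is None:
                findings[ip]["compromised"] = user
    return list(findings.values())


if __name__ == "__main__":
    for hit in find_rdp_bruteforce(SAMPLE_EVENTS):
        print(hit)
```

A finding with a non-empty `compromised` field is the case to escalate first, since it means a guessed password worked and the host should be checked for dropped payloads.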


Author: Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

