Until recently, TeslaCrypt owned the lion’s share of the security community’s ransomware attention. However, the malware-makers have shut down their project and published a master decryption key.

While smart money was on the high-profile Locky to muscle in on TeslaCrypt territory, a low-profile offering known as Crysis ransomware is now stealing the show.

About the Front-Runner

According to SC Magazine, not only is Crysis filling the void left by TeslaCrypt, but this sneaky malware has taken the lead from Locky in number of infected devices.

It was first detected by ESET back in February 2016 and was relatively harmless. The original version didn’t use strong encryption, and with a bit of help, users could often retrieve their files without paying.

The newest iteration, however, has upped the ante with stronger algorithms that require substantial time and effort to break. Also of note: The Crysis ransomware encrypts almost every file it can find, including .exe, .dll and even files with no extension.

Fixed, network and removable drives are all fair game — the only things that don’t get encrypted are Windows system files and the malware’s own code. This broad-spectrum encryption both ratchets up user panic once infected and can also make computers unstable.

Crysis Ransomware Is Breaking In

When it comes to compromising devices, Crysis has two main vectors, Help Net Security reported: email attachments and “harmless-looking” installers. While spam email delivery isn’t anything new, the malware-makers are leveraging the old double file extension trick, which makes executables appear nonthreatening. They’re also distributing installers across shared networks that fake the name and nomenclature of popular apps.

Once compromised, computers display a splash screen that directs users to send three encrypted files to “technical support” via one of two provided email addresses. When the infection is verified, victims must pay between 400 and 900 euros — in bitcoin — for the safe return of their data.

It’s worth noting that the Crysis ransomware isn’t alone in using a mix of old and new techniques to slip through defenses and wreak havoc. For example, the Zcrypt strain leverages the autorun technique to propagate across attached devices, which was popular three years ago but fell out of fashion as security teams cracked down.

What’s old is new again. When combined with actual innovation such as all-file and strong encryption, it’s no wonder Crysis malware and similar strains are pushing the panic button for users and security pros alike. It’s further proof that ransomware writers aren’t stuck in the past or blinded by the future — cybercriminals use whatever works whenever possible to lock down files wherever they can.

More from

Most organizations want security vendor consolidation

4 min read - Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging.We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies to have experienced multiple breaches. Today, cybersecurity has taken a seat in core business strategy discussions as the risks and costs have risen dramatically.For this reason, 75% of organizations seek to…

How IBM secures the U.S. Open

2 min read - More than 15 million tennis fans around the world visited the US Open app and website this year, checking scores, poring over statistics and watching highlights from hundreds of matches over the two weeks of the tournament. To help develop this world-class digital experience, IBM Consulting worked closely with the USTA, developing powerful generative AI models that transform tennis data into insights and original content. Using IBM watsonx, a next-generation AI and data platform, the team built and managed the entire…

How the FBI Fights Back Against Worldwide Cyberattacks

5 min read - In the worldwide battle against malicious cyberattacks, there is no organization more central to the fight than the Federal Bureau of Investigation (FBI). And recent years have proven that the bureau still has some surprises up its sleeve. In early May, the U.S. Department of Justice announced the conclusion of a U.S. government operation called MEDUSA. The operation disrupted a global peer-to-peer network of computers compromised by malware called Snake. Attributed to a unit of the Russian government Security Service,…

How NIST Cybersecurity Framework 2.0 Tackles Risk Management

4 min read - The NIST Cybersecurity Framework 2.0 (CSF) is moving into its final stages before its 2024 implementation. After the public discussion period to inform decisions for the framework closed in May, it’s time to learn more about what to expect from the changes to the guidelines. The updated CSF is being aligned with the Biden Administration’s National Cybersecurity Strategy, according to Cherilyn Pascoe, senior technology policy advisor with NIST, at the 2023 RSA Conference. This sets up the new CSF to…