Crysis creeps: Our ransomware locks network drives and PCs. Bargain

Cybercrooks have put together a new strain of ransomware that lifts corporate data as well as encrypting files on compromised computers. Crysis grabs admin privileges, collects the victim computer's name and some encrypted files before uploading them to a remote command and control server. The ransomware encrypts files on …

  1. spamspamspam

    When you write these sort of attention-grabbing sky-is-falling articles could you put in which platforms/os are known to be affected please?

    Ta

    1. SteveK

      Or to put it another way, "Does it run Crysis?"

    2. a_yank_lurker

      @spamspamspam - I always want to know the OS targeted. The usual suspect is Winbloat based on previous attacks, but this is not proof. Also, an important detail is how is this attack propagated. I would like to know even if it is protect myself, my family, and friends.

      1. Prst. V.Jeltz Silver badge

        how is this attack propagated

        @yank Lurker

        I think the article mentioned that the attack is propagated by idiots clicking on spam email attachments like winning_lottery_ticket_details.pdf.exe

        Microsoft is a co-conspirator here because they deliberately hide file extensions by default for the sole purpose of aiding criminals as far as I can tell, and also making it tricky to know which "install" icon to click on when installing a program.

        So to protect your friends and family I'd give them the usual advice about spam emails and attachments - and also to turn file extensions on!

  2. Paul Crawford Silver badge

    "using double file extensions or as seemingly innocent installers"

    Oh dear, I had thought those glory days were gone. Still, nice to see the old "make it easy for users" changes for Windows are still working their magic.

    Now how long until some Linux GUI Muppet decides they need the same...

  3. DNTP

    <Strength mode activated>

    *Grabs a server and throws it fifty meters to knock a guy off a sentry tower*

  4. Anonymous Coward

    Don't you think it's about time we (the world in general) made the punishment for writing, distributing and profiting from viruses / malware / trojans much, MUCH more severe? Even when they do catch the perps, all they get is a slap on the wrist. It's rare to see, Virus writer, captured, has house taken in profits of crime case.

    Given that cyber crime is the fast growing type of crime, something needs to be done !!!

    *For me, they'd be the first against the wall when the revolution comes...

    1. Winkypop Silver badge

      Public floggings too much?

      It could make for a new reality TV genre: Wip it, Wip it good.

    2. Anonymous Coward

      Don't you think it's about time we (the world in general) made the punishment for writing, distributing and profiting from viruses / malware / trojans much, MUCH more severe?

      Much as I'd like it to, the death penalty doesn't seem to deter murderers. If you had much, much higher detection and successful prosecution rates that might help, but ultimately there's always somebody who thinks that there is free money to be had by shitting on somebody else, so it won't go away. Add in that the Ruskies and Chinks don't care about mayhem caused by their citizens in non-domestic situations, and the "demand" side of malware isn't going to be crushed.

      Users can't be relied upon to be "sensible", because they're just users. They don't have to know how a lock works to use a door, why should they have to be IT savvy to use a computer? So if you'll buy those assertions, sadly the problem sits with lazy, fuckwit OS makers (Google, Microsoft in particular), aided and abetted by various lazy fuckwit application makers (Adobe...and Adobe.....Adobe as well.....oooh, and Adobe...plus maybe somebody else).

      FFS, it's 2016. It really shouldn't be possible for a dumb user to simply click on the wrong thing and then have all their files encrypted in the background. But Microsoft, Google, and Adobe don't care. They all still live in the world of 20th century software, where the game is to ship out crap, update it a bit until they've got an acceptable market share, then relax and do nothing to improve the flaws in their code, because there's no downside to them when users get hit.

      1. Anonymous Coward

        @Ledswinger

        You might as well add Apple and every other OS maker/Linux distro out there to your list. *Every* OS and application is vulnerable if the user lacks basic IT skills. How many YouTube videos are there where users give up their password for a bar of chocolate or something similar?

        End users see something they want and click yes, approve, or whatever. They will do the same on each OS. Recently I had to help out a guy who used Mint as a desktop OS, and thought he was an IT wizard... right up until he clicked a link in a phishing email (supposedly from his bank, and it did look legit at first sight) and entered user/pass for his primary email account. He didn't get ransomware, just a polite email stating that his data was removed from his Dropbox account, and he could get it back at a "reasonable" price.

        I agree that Adobe Flash should die, and client side Java even more so. But the biggest problem has always been, still is, and will be for the foreseeable future, the utter lack of understanding of anything IT-related of end users. The industry itself is a big part of that problem: I still don't see why for example Facebook doesn't require 2FA for all accounts. Or maybe I do: it might hurt revenue.

        1. Paul Crawford Silver badge

          Re: @Ledswinger

          You are right to a point about fuckwit users, but the MS move of hiding the file extension was a good trick for fooling partially sensible users by sending nicephoto.jpg.exe so they see in the file manager a JPEG photo, and the exe bit is lost.

          Now you can harden both Linux and Windows against the click-and-run thing, for example by making all user-writeable areas non-execute (you do put /home in a separate partition, don't you?). But as you say, a user willing to provide name & password to a suspect link is just a big problem.

          2FA is a big step forward, and Fartbook do support that, but when I had an account with them I was absolutely not going to give the data-slurping bastards my phone number as well. My bank uses 2FA for some things, or a card reader in other cases, so for major stuff it exists now. But having a universal fob that you can use when signing up for ANY service would be nice, so you don't end up with a whole pile of crap to take with you anywhere you want to be secure and don't trust your phone (it is both internet connected, and probably unpatched, whereas a random number fob has only, I guess, a public/private key pair of which one half needs securing, and it need not be on the Internet).
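          As an added illustration of the hidden-extension trick described in the comment above (example code written for this page, not from any commenter or from Microsoft): a small Python check, of the kind a mail gateway or file scanner might run, that reports what Explorer would display with extensions hidden and whether the real extension is executable. The extension lists are an assumed representative subset, and the sample attachment names are constructed.

```python
import os

# Assumed representative subset of types Windows runs directly on double-click.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
    ".vbs", ".vbe", ".wsf", ".hta", ".msi", ".ps1", ".lnk",
}

# Types a user expects to open as a harmless document or image (assumed subset).
DECOY_EXTENSIONS = {
    ".pdf", ".jpg", ".jpeg", ".png", ".gif", ".doc", ".docx",
    ".xls", ".xlsx", ".txt", ".zip",
}


def displayed_name(filename):
    """What Explorer shows with 'Hide extensions for known file types' on:
    the final extension is dropped, so nicephoto.jpg.exe shows as nicephoto.jpg."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def classify_attachment(filename):
    """Return (verdict, reason); verdict is 'deceptive', 'executable' or 'ok'.

    'deceptive' means the real (last) extension is executable but the name the
    user sees ends in a document/image extension, i.e. a double-extension lure."""
    stem, true_ext = os.path.splitext(filename)
    true_ext = true_ext.lower()
    if true_ext not in EXECUTABLE_EXTENSIONS:
        return "ok", "not a directly executable type"
    _, inner_ext = os.path.splitext(stem)
    if inner_ext.lower() in DECOY_EXTENSIONS:
        shown = displayed_name(filename)
        return "deceptive", f"shown as '{shown}' but runs as {true_ext}"
    return "executable", f"executable attachment ({true_ext})"


def flag_attachments(filenames):
    """Return {filename: reason} for every attachment that is not plain 'ok'."""
    flagged = {}
    for name in filenames:
        verdict, reason = classify_attachment(name)
        if verdict != "ok":
            flagged[name] = f"{verdict}: {reason}"
    return flagged


if __name__ == "__main__":
    # Constructed sample attachment names, including the ones quoted in the thread.
    samples = ["nicephoto.jpg.exe", "winning_lottery_ticket_details.pdf.exe",
               "holiday.jpg", "setup.exe", "Invoice.PDF.SCR"]
    for name, note in flag_attachments(samples).items():
        print(f"{name}: {note}")
```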

      2. Kurt Meyer

        @ Ledswinger

        "Chinks"

        Really? Chinks?

        I suppose in your defence, the word is one letter shorter than "Chinese". In these uncertain times it might be wise to save a letter here and a letter there. After all, a letter saved is a letter earned.

        Perhaps you could up your game and try "Gooks" next time.

    3. Kurt Meyer

      When the revolution comes...

      @ AC

      I was with you right up until your last sentence.

      "For me, they'd be the first against the wall when the revolution comes..."

      For me, it will be the driving licence examiners.

    4. oldcoder

      First, don't use the most vulnerable system ever created...

      second, don't be stupid.

      The problem isn't the sentencing - it is the finding, and proving.

      The sentences already are 10 years and greater.

      1. Danny 14

        "First, don't use the most vulnerable system ever created..."

        Righto. So no VPN into work from home? No WebDAV? SFTP? You can have internal lockdowns as much as you want but as soon as you have external access to any resource for staff then you need to plan for these sorts of things. After all, there is nothing stopping staff accidentally moving/deleting/archiving/encrypting manually ANYTHING that they can write to (in one way or another).

        File versioning is a quick and dirty solution (and available since 2003) or backups that use independent privs and access to the common drives. Even if you do use 100% Windows stuff, there is no excuse for not having at least a +x week rolling archive backup for various reasons - at least the most you would lose is 1 week (which may be a disaster for a company sure, but if so then PLAN FOR IT). Have the backup running off the network and attached to the storage independently so it cannot be compromised by something happening on the network. Sure that becomes a slight management pain but at least you have safe backups.

        In short, it doesn't matter what OS you run, there is always the possibility of data loss through non-malicious reasons so plan for it. It just so happens that crypto virus automate the stupidity process for the user.

        1. Paul Crawford Silver badge

          "crypto virus automate the stupidity process"

          Very much so. While I do feel for those suffering data loss, it could just as easily be a careless file deletion, an accidental format of a partition, a hardware fault, or the theft/loss of a laptop.

          If you don't have a usable and protected backup, you don't really have your data. It is simply a matter of time...

    5. PhillW

      "For me, they'd be the first against the wall when the revolution comes"

      First, surely after bankers and estate agents............... methinks you are blowing this out of proportion!

    6. DMcDonnell

      Share and enjoy.

  5. Cuddles

    "seemingly innocent installers"

    Exactly how innocent can a random installer in an unsolicited email look?

    1. Richard 12 Silver badge

      Re: "seemingly innocent installers"

      A lot of sites seem to email links to their more useful documents, and even trial versions of software.

      I've even seen ones that (claim to) send out documentation as an installer - given their profile (NXP!) I presume they are imbeciles rather than malicious, but I still refuse to run it.

      So all the miscreant has to do is make it look a bit like a few of the more common ones for their target industry and spaff it out to a few million people.

      One or two of them probably are expecting emails from "X" with a link - and get eaten.
