ESET warns of new ransomware campaign distributed by email

ESET, a leading proactive threat detection company, has detected a new campaign of the Crysis ransomware that, within Latin America, mainly affects Brazil, Mexico, Colombia, Argentina and Peru.

Crysis was among the top five most detected ransomware families in Latin America during 2017 and caused significant data loss at several companies in the region and worldwide. Not content with that, the attackers have launched a new infection campaign made up of emails with malicious attachments whose purpose is to infect the victim's computer.

According to ESET data on the number of Crysis detections recorded in Latin America over the last few months, Brazil (22%) is the most affected country, followed by Mexico (19%), Colombia (17%), Argentina (16%) and Peru (9%).

Once the victim's computer has been infected, the threat copies itself into four directories and creates registry keys pointing to those copies to ensure persistence, so that the ransomware is executed at every boot of the operating system and can encrypt any new files. The malicious code then executes the command that removes the Windows backups.

The next step is to encrypt all the files on the system, appending to each one an alphanumeric identifier and the email address for contacting the attacker. Finally, Crysis creates a series of files to notify the victim that their files have been encrypted and what steps to follow to recover the information.
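The infection chain described above (persistence through a Run key pointing at a copy in a user-writable directory, deletion of Windows backups, renaming of encrypted files with an identifier and a contact address, and the dropping of notification files) lends itself to host-based detection. The following is an added example, not ESET's code nor anything taken from the Crysis sample: it runs simple rules over constructed endpoint telemetry lines. The log format, the exact filename layout `.id-<hex>.[<email>].<ext>`, the note filename pattern and the backup-deletion command strings are assumptions for illustration; a real deployment would map these rules onto the EDR or Sysmon fields actually available.

```python
import re

# Constructed sample telemetry (not from the article). Format: kind|field=value|...
SAMPLE_EVENTS = r"""
proc|image=C:\Windows\System32\vssadmin.exe|cmd=vssadmin.exe delete shadows /all /quiet
proc|image=C:\Windows\System32\notepad.exe|cmd=notepad.exe report.txt
reg|key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run|value=svchost|data=C:\Users\alice\AppData\Roaming\svchost.exe
reg|key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run|value=OneDrive|data=C:\Program Files\Microsoft OneDrive\OneDrive.exe
file|op=rename|old=C:\Users\alice\Documents\budget.xlsx|new=C:\Users\alice\Documents\budget.xlsx.id-A1B2C3D4.[contact@example.com].locked
file|op=rename|old=C:\Users\alice\Documents\draft.docx|new=C:\Users\alice\Documents\draft-final.docx
file|op=create|path=C:\Users\alice\Documents\FILES ENCRYPTED.txt
"""

# Commands commonly used to destroy local backups / recovery options (assumed list).
BACKUP_DELETION = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wbadmin(\.exe)?\s+delete\s+catalog"
    r"|bcdedit(\.exe)?\s.*recoveryenabled\s+no",
    re.IGNORECASE,
)
# Autorun registry locations (HKCU or HKLM ...\Run and ...\RunOnce).
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# Directories a standard user can write to; a Run entry pointing here is suspicious.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\[^\\]+\\Downloads)\\", re.IGNORECASE)
# Assumed encrypted-file layout: <original>.id-<HEX>.[<email>].<ext>
ENCRYPTED_NAME = re.compile(r"\.id-[0-9A-F]{6,}\.\[[^\]\s]+@[^\]\s]+\]\.[A-Za-z0-9]+$", re.IGNORECASE)
# Assumed ransom-note naming: a text/HTML file mentioning "encrypted" or "decrypt".
RANSOM_NOTE = re.compile(r"\\[^\\]*(encrypted|decrypt)[^\\]*\.(txt|hta|html?)$", re.IGNORECASE)


def parse_event(line):
    """Split 'kind|k=v|k=v' into (kind, {k: v}); values may contain '=' after the first."""
    kind, *pairs = line.split("|")
    return kind, dict(p.split("=", 1) for p in pairs)


def analyze(events_text):
    """Return a list of (rule_name, evidence) for every line matching a rule."""
    findings = []
    for line in events_text.splitlines():
        if not line.strip():
            continue
        kind, f = parse_event(line)
        if kind == "proc" and BACKUP_DELETION.search(f.get("cmd", "")):
            findings.append(("backup_deletion", f["cmd"]))
        elif kind == "reg" and RUN_KEY.search(f.get("key", "")) and USER_WRITABLE.search(f.get("data", "")):
            findings.append(("run_key_persistence", f["data"]))
        elif kind == "file" and f.get("op") == "rename" and ENCRYPTED_NAME.search(f.get("new", "")):
            findings.append(("ransom_rename", f["new"]))
        elif kind == "file" and f.get("op") == "create" and RANSOM_NOTE.search(f.get("path", "")):
            findings.append(("ransom_note", f["path"]))
    return findings


def chain_detected(findings):
    """True when the three core stages (persistence, backup removal, encryption) all appear."""
    seen = {rule for rule, _ in findings}
    return {"backup_deletion", "run_key_persistence", "ransom_rename"} <= seen


if __name__ == "__main__":
    hits = analyze(SAMPLE_EVENTS)
    for rule, evidence in hits:
        print(f"{rule:22s} {evidence}")
    print("full ransomware chain:", chain_detected(hits))
```

Each rule on its own produces noise (administrators do delete shadow copies, and legitimate software does register Run keys), which is why `chain_detected` only raises the alarm when persistence, backup removal and the encryption rename pattern are all observed; the rename rule in particular is the one worth tuning to the exact suffix seen in a given campaign.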

According to the latest edition of the ESET Security Report 2017, ransomware is the main concern for companies. "At ESET we rely on education and awareness as the main tools of protection. As for ransomware, it is also essential to have a solution that protects mail servers, especially given that email is the main vector of infections. On the other hand, it is important to avoid divulging public mail accounts; pay attention to the contents of the messages received; keep the operating system and software up to date; and finally, backing up information is essential," said Camilo Gutierrez, head of the Research Laboratory at ESET Latin America.