ESET, a leading proactive threat detection company, has detected a new campaign of the Crysis ransomware, which is spreading across Latin America through malicious emails and affecting companies in different markets.
For the time being, Brazil (22%) appears as the most affected country, followed by Mexico (19%), Colombia (17%), Argentina (16%) and Peru (9%).
Crysis was among the top 5 most detected ransomware families in Latin America during 2017 and caused great losses of data to several companies in the region and worldwide. That was apparently not enough for the attackers, who decided to launch a new infection campaign consisting of emails with malicious attachments whose purpose is to infect the victim's computer.
Once the computer has been infected, the threat attempts to create registry keys and copy itself into four directories to ensure its persistence, so that the ransomware runs at each boot of the operating system and can encrypt new files. After copying itself, the malicious code executes the command to delete Windows backups.
The next step is to encrypt all the files on the system, adding to each one an alphanumeric identifier and the email address for contacting the attacker. Finally, Crysis creates a series of files to notify the victim that their files were encrypted and what steps to follow to retrieve the information.
According to the latest edition of the ESET Security Report 2017, ransomware represents the main concern for companies. “At ESET we bet on education and awareness as the main tools of protection. As for ransomware, it is also essential to have a solution that protects mail servers, especially given that email is the main vector of infections. On the other hand, it is important to avoid divulging public mail accounts; pay attention to the contents of the messages received; keep the operating system and software up to date; and finally, backing up the information is essential,” said Camilo Gutiérrez, head of the Research Laboratory of ESET Latin America.