Ransomware Is Getting Worse: What MSPs Can Do

Here’s a depressing development: Ransomware just got worse. A new ransomware strain no longer contents itself with just encrypting files and demanding ransom for a decryption key. Now it also exfiltrates files and takes over your computer.

As Wayne Rash put it in a recent eWeek article, it’s a “nightmare scenario.” The strain, appropriately named “Crisis” or “Crysis,” looks to be the next major malware threat.

“This malware is now able to exfiltrate critical files and user information, gain administrator rights to the computer it’s infecting and take over as an admin user. It also doesn’t matter if the computer is a PC or a Mac because Crysis can infect either platform, and once inside a network, it can also attack virtual machines and any server visible to the computer it’s on,” the eWeek article explains.

Crysis spreads to other machines through self-executing files and copies administrator login credentials from any device it compromises to its command-and-control server. This means the malware can keep exfiltrating data until those credentials are changed.

That’s bad enough, but adding insult to injury, eWeek also reports that ransomware threat actors are now demanding ransoms in excess of $20,000, not the $200 or $300 amounts of the recent past. You could say the bad guys aren’t playing around anymore.

Steps to Avoid Crysis

What should MSPs do to protect clients from this even more virulent form of ransomware?

  1. Educate Yourself. Knowing the extent of the threat and how it goes about its nefarious work is the obvious starting point. A recent study explains how the ransomware piggybacks on Java applets to get into a system.
  2. Tell Your Customers. Once you bone up on this threat, be sure to notify your customers through an email bulletin, a newsletter or however you communicate with them on a regular basis. Be sure to explain the potential consequences of this threat and how it differs from previous strains.
  3. Update AV Tools. While antivirus tools may miss the infected applet, since the ransomware is designed to elude detection, it is still absolutely critical to keep all client anti-malware tools up to date.
  4. Consider Advanced Tools. In addition to AV and regular data backups, consider offering advanced threat detection and malware analysis tools as another layer of protection. These tools look for behaviors and characteristics common to malware that signature-based AV does not cover, so they can identify, quarantine, analyze and, if necessary, remediate malware attacks.
  5. Educate Users. Security vendors are still investigating how Crysis does its thing but have concluded that social engineering is involved. As such, it is absolutely critical to educate users on social engineering tactics such as phishing, baiting and, yes, whaling, among others. Teach users how to identify and avoid these threats.

Knowledge, communication and safe habits are the basic tools to combat this new strain of ransomware. Employ them correctly, and you won’t let “crysis” become a crisis for your clients.