While news of new ransomware may seem repetitive to some, the fact remains that ransomware continues to evolve into more aggressive forms that are relentless in their path of destruction.
In the latest ransomware developments, we learn from the security vendor ESET that TeslaCrypt is no more. Instead, Crysis Ransomware has taken over from TeslaCrypt as ransomware that encrypts almost every file on an infected PC and demands a $1,000 ransom fee for decryption.
Essentially, Crysis Ransomware has been dubbed a successor to TeslaCrypt because the original authors of TeslaCrypt have hung up their hats and ended their efforts to support and propagate the threat. With each new variant of ransomware, its authors are inclined to roll out updates that make extorting money from victimized computer users more efficient.
Most recent ransomware threats encrypt data on an infected PC and then ask the victimized computer user to pay a ransom fee to obtain a decryption key for restoring those files. In most cases, the ransom fee is around $50 to $250 in Bitcoin. However, Crysis Ransomware asks for a ransom fee of up to $1,000, though occasionally as low as $450. Victims are told to pay the ransom by first sending an email and awaiting a reply that contains the Bitcoin wallet address to send the funds to. The instruction to send an email to obtain a wallet address is primarily a method of communicating directly with the ransomware's operators.
What sets Crysis Ransomware apart from its TeslaCrypt predecessor is that it can communicate with a C&C (Command and Control) server and send local computer details so that the infected target can be identified. Through this process, Crysis can report the number of files that it encrypted once it changes the desktop background to a notification that files have been encrypted, in addition to displaying a text file named "How to decrypt your files.txt."
Along with various computer security experts, we are speculating that Crysis has taken the place of TeslaCrypt and may occupy the same territory that TeslaCrypt Ransomware once held. As a result, Crysis may become one of the more prevalent ransomware threats in the weeks to come.
Computer users are urged to take proactive measures and avoid opening questionable email attachments or those found in spam messages. Currently, Crysis Ransomware is known to spread through spam attachments and outdated websites, much like TeslaCrypt and other modern-day encryption-type ransomware.