Hackers are playing Crysis on remote business computers, and it’s not a fun game

trend micro crysis ransomware windows remote desktop hacker in front of computer hacking hack hacked
At one time there was ongoing joke in the gaming industry about whether a PC can run Crysis, a first-person shooter from Crytek that was essentially ahead of its time. After its launch in 2007, the game was unplayable on high-end hardware when set at its high resolutions and settings, thus the game became a benchmark for years. Since then, technology has caught up, and now the “Crysis” name has resurfaced in the form of ransomware that is now attacking businesses in Australia and New Zealand.

Although Crysis originally surfaced back in February, these latest attacks were first discovered by Trend Micro in early August. It’s distributed through spam emails packed with a Trojan-based attachment or a link to a compromised website. It also lurks on websites that distribute fake installers for valid programs and applications sold through retail.

However, the security firm also discovered that the hackers behind the latest attacks are sneaking Crysis into business networks through the Remote Desktop feature built into the Windows platform. This service allows the user to remotely access another Windows machine as well as other local devices and resources like printers, the Clipboard, plug and play media, and more. A remote computer’s hard drive can even be shared (mapped), allowing other users to access the drive’s contents as if it’s installed in their machine.

According to Trend Micro, the hackers are grabbing Remote Desktop credentials by using brute force attacks, a method that employs software to continuously guess a password until the correct one is determined. Once hackers gain access to a remote computer, they use Crysis to encrypt the computer’s local files, forcing companies to shell out big bugs to regain access.

However, Trend Micro reports that Crysis can be used on an even larger scale. Once it encrypts the files on a remote computer, it has the ability to scan for mapped drives, removable drives, and other devices on the network, and infect those as well. Crysis could eventually migrate to the company’s file server and hold its contents hostage for even bigger bags of cash.

“Cleanup from Crysis has been noted to be tricky. In its attacks on Australian and New Zealand businesses, we saw this ransomware injecting Trojans to redirected and/or connected devices such as printers and routers,” the security firm reports. “This part of Crysis’ infection chain allows the attackers to regain access to and reinfect the system, even after the malware has been removed from the affected computer.”

That means if a business pays the hackers money to regain access to their files, those hackers can re-encrypt the files again. Trend Micro recommends that companies located in Australia and New Zealand should shut down access to Remote Desktop, or change the port that the Remote Desktop protocol (RDP) is currently using. Companies should also beef up Remote Desktop credentials and enforce two-step authentication, which requires a second form of identification on top of the Remote Desktop login credentials.

“Ensuring that connected devices are securely wiped during cleanups can mitigate the risks of further damage, while utilizing encryption channels can help foil attackers from snooping on remote connections,” the firm adds. “Keeping the RDP client and server software up-to-date can also prevent potential vulnerabilities in RDPs from being exploited.”

Naturally, Trend Micro has the perfect solution for keeping Crysis off a company’s network: its service for enterprises, and its service for small to medium-sized businesses.

Emerging Tech

Hear the sounds of wind on Mars from InSight’s latest audio recording

NASA's InSight craft has captured the sound of the wind blowing on the surface of Mars. The audio file was picked up by the air pressure sensor and the seismometer which detected vibrations from the 10 to 15 mph winds in the area.

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.

Is your PC slow? Here's how to restore Windows 10 to factory settings

Computers rarely work as well after they accumulate files and misconfigure settings. Thankfully, with this guide, you'll be able to restore your PC to its original state by learning how to factory reset Windows.

Changing file associations in Windows 10 is quick and easy with these steps

Learning how to change file associations can make editing certain file types much quicker than manually selecting your preferred application every time you open them. Just follow these short steps and you'll be on your way in no time.

Windows 10 user activity logs are sent to Microsoft despite users opting out

Windows 10 Privacy settings may not be enough to stop PCs from releasing user activity data to Microsoft. Users discovered that opting out of having their data sent to Microsoft does little to prevent it from being released.

Intel's discrete graphics will be called 'Xe,' IGP gets Adapative Sync next year

Intel has officially dubbed its discrete graphics product Intel Xe, and the company also provided details about its Gen11 IGP. The latter will include adaptive sync support and will arrive in 2019.

Intel answers Qualcomm's new PC processors by pairing Core and Atom in 'Foveros'

Intel has announced a new packaging technology called 'Foveros' that makes it easier for the company to place multiple chips together on one package. That includes chips based on different Intel architectures, like Core and Atom.

Razer’s classic DeathAdder Elite gaming mouse drops to $40 on Amazon

If you're looking to pick up a new gaming mouse for the holidays, Amazon has you covered with this great deal on the classic Razer DeathAdder Elite gaming mouse with customizable buttons, RGB lighting, and a 16,000 DPI optical sensor.

Intel's dedicated GPU is not far off -- here's what we know

Did you hear? Intel is working on a dedicated graphics card. It's called Arctic Sound and though we don't know a lot about it, we know that Intel has some ex-AMD Radeon graphics engineers developing it.

Firefox 64 helps keep your numerous tabs under control

Mozilla officially launched Firefox 64 by placing new features into the laps of its users including new tab management abilities, intelligent suggestions, and a task manager for keeping Firefox's power consumption under control.

Here's our guide to how to charge your laptop using a USB-C cable

Charging via USB-C is a great way to power up your laptop. It only takes one cable and you can use the same one for data as well as power -- perfect for new devices with limited port options.

Apple MacBook Air vs. Microsoft Surface Pro 6

The MacBook Air was updated with more contemporary components and a more modern design, but is that enough to compete with standouts like Microsoft's Surface Pro 6 detachable tablet?

Installing fonts in Windows 10 is quick and easy -- just follow these steps

Want to know how to install fonts in Windows 10? Here's our guide on two easy ways to get the job done, no matter how many you want to add to your existing catalog, plus instructions for deleting fonts.

Email take-backsies! Gmail's unsend feature is one of its best

Everyone has sent a message they wish they could take back. How great would it be if you could undo that impulsive email? If you're a Gmail user, you can. Here's how to recall an email in Gmail.