CrySIS Ransomware: A Long-Standing Threat with a New Twist

Threat Level
Attack Report

Summary

The CrySIS ransomware family, also dubbed Dharma, has been evolving since 2016. Its source code was made available to the public, enabling others to customize it for their own use. The criminals behind the malware employ various tactics to infiltrate systems through exposed Microsoft Remote Desktop Protocol (RDP) servers. It is also spread through phishing emails with attachments made to look like legitimate software installers.