Crysis – A New, More Vicious Virus Takes The Stage

In the first half of 2016, a number of hospitals fell victim to ransomware attacks. Hollywood Presbyterian Medical Center in LA was the first to feel the pain. This was followed by attacks on both Methodist Hospital in Henderson, KY and King’s Daughter’s Health in Madison, IN. Both of these hospitals were infected with a strain of ransomware called Locky.

However, it appears that a new, even more devastating strain of ransomware, appropriately named Crysis, has taken center stage, making ransomware protection even more critical.

Crysis can exfiltrate data, putting it under the hackers’ control on their own servers. This is a new development, making ransomware protection even more important to the Healthcare industry.

What makes Crysis so deadly?

  • Crysis will infect all of the files on your device with the exception of the files that allow you to turn on your device. Crysis contains a strong encryption mechanism that attacks network shares, local files and even removable drives. In comparison, Locky only infects specific content files. With Locky, you could still use your device; you just could not access the infected files.
  • Crysis can hijack administrative control. By doing this, hackers will have total control of your computer as long as the credentials remain the same.
  • Crysis can exfiltrate data, putting it under the hackers’ control on their own servers. This is a new development. Previously, it was debated whether a ransomware attack could be categorized as an actual data breach, since the information was not affected, simply locked. With Crysis, this is no longer the case.

Unfortunately for Healthcare providers, Crysis is giving hospitals two new pain points. First, a hospital’s computers become unstable and stay encrypted unless a ransom is paid. Second, hospitals would be forced to inform the government and patients that a data breach has occurred. Neither of these was an issue with previous ransomware viruses such as Locky or TeslaCrypt.

How does Mice 360 ransomware protection work?

What is Ransomware / Spear Phishing?

A recipient clicks on a link within what appears to be a legitimate email. Rogue software is then downloaded that encrypts all the files on the computer it is installed on and, if that computer is on a network, propagates to other computers and servers. The sender will then demand payment in return for access to the keys.

The Mice 360 Solution to Ransomware / Spear Phishing

The Mice 360 system verifies all application traffic, including specific monitoring for encryption activity that is not part of the Mice 360 solution. If ransomware begins to activate, Mice 360 identifies the non-Mice 360 encryption activity and shuts down the rogue application’s access.

What is Social Engineering / Email Spoofing?

Hackers use forged email addresses to trick recipients into interacting with what appears to be a legitimate email from a trusted source. In the case of the Milwaukee Bucks, an employee was tricked into sharing the team’s W-2 forms after receiving what seemed to be a legitimate request for them from the team’s president.

The Mice 360 Solution to Social Engineering / Email Spoofing

The Mice 360 email system scans every email to confirm a digital signature, providing the recipient with a warning if the sender and email address are mismatched. This alert informs the recipient that the email is suspicious and should be treated accordingly.

To learn more about how Mice 360 can provide your organization with ransomware protection and secure all of its devices, including implanted medical devices, contact us today.