CrySIS ransomware targeting businesses is on the rise

A security threat known as Dharma ransomware (also called CrySIS) is spreading quickly via several distribution methods, with detections increasing 148 percent over a two-month period.

According to a blog post from investigators at Malwarebytes Labs, attackers are primarily targeting businesses with computers running Microsoft’s Windows operating system.

Once they gain access to the target device, they wipe out Windows Restore points, capture the computer’s name and send its details to a server they control. Dharma ransomware then threatens to hold any stolen files hostage until the victim pays an amount of bitcoin to a set of email addresses.

Attackers using CrySIS often trick unsuspecting businesses into clicking on malicious links in email messages by using double file extensions, which can make a malicious file seem harmless if Windows is set to its default mode.
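A defensive check for the double-extension trick described above, as an added example that is not from the original article or from Malwarebytes: it flags attachment names that end in a document-style extension followed by an executable one, and shows the name a user sees when extensions are hidden. The extension lists, function names and sample filenames are assumptions constructed for illustration.

```python
import re

# Assumed lists for illustration; tune them to your own environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "lnk", "ps1", "msi"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt",
              "rtf", "jpg", "jpeg", "png", "gif", "zip", "mp3", "mp4"}


def base_name(name: str) -> str:
    """Strip any directory part, plus the trailing dots and spaces Windows ignores."""
    return re.split(r"[\\/]", name)[-1].rstrip(". ")


def double_extension(name: str):
    """Return (decoy, real) if the name ends in <decoy>.<executable>, else None."""
    # Strip each part so space padding between the two extensions does not hide them.
    parts = [p.strip() for p in base_name(name).lower().split(".")]
    if len(parts) < 3:  # need a stem, a decoy extension and a real extension
        return None
    decoy, real = parts[-2], parts[-1]
    if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        return decoy, real
    return None


def displayed_name(name: str) -> str:
    """Name shown to the user when the final (known) extension is hidden."""
    base = base_name(name)
    return base.rsplit(".", 1)[0] if "." in base else base


def scan(names):
    """Return the subset of names that use a deceptive double extension."""
    return [n for n in names if double_extension(n)]


# Constructed sample attachment names, not taken from any real campaign.
SAMPLES = ["Invoice_2024.pdf.exe", "Scan_001.JPG.scr", "setup.exe",
           "report.final.pdf", "statement.pdf      .exe", "archive.tar.gz"]

if __name__ == "__main__":
    for n in scan(SAMPLES):
        decoy, real = double_extension(n)
        print(f"FLAG {n!r}: shown as {displayed_name(n)!r}, runs as .{real}")
```

The same test can run in a mail gateway or as a hunt over download and temp directories; a legitimate installer such as `setup.exe` is not flagged because it has no decoy extension.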

Dharma/CrySIS may also be disguised as a component of a legitimate software application, such as an antivirus detection tool. Mistaking the threat for installation files, victims may then download and execute the software themselves.