Crysis

Crysis Threat Actor Installing Venus Ransomware Through RDP

AhnLab Security Emergency response Center (ASEC) has recently discovered that the Crysis ransomware’s threat actor is also using the Venus ransomware in the attacks. Crysis and Venus are both major ransomware types known to target externally exposed remote desktop services. [1] Actual logs from the AhnLab Smart Defense (ASD) infrastructure also show attacks being launched through RDP. Aside from Crysis and Venus, the threat actor also installed a variety of other tools such as Port Scanner and Mimikatz. If the infected…