CryPy ransomware assigns a unique key to each encrypted file


When evil hackers are bored, they don’t stop until they find new ways to do harm and make money off their victims’ backs. A new threat is sowing fear among Internet users: a ransomware variant dubbed “CryPy”, which was written in the Python language. Unlike other malware, it assigns a unique key to each file that’s encrypted on the victim’s system, and the files are very hard to decrypt.

We’ve been warned about the existence of CryPy by AVG researcher Jakub Kroustek, who posted on his Twitter account that this ransomware was spotted in the wild. It seems that CryPy is composed of two files: boot_common.py, which is used for error-logging on Windows, and encryptor.py, which is the locker and contains a number of functions. It seems that there’s a web server in Israel which was compromised using a vulnerability in a content management system (Magento), and hackers used the server for phishing attacks.

It is believed that behind these attacks are some Hebrew-speaking developers, who were able to steal PayPal credentials and then forward them to a remote server in Mexico with a different content management system but the same file upload technique. As for CryPy, once it infects a system, it disables features that are usually used to terminate malware, such as Registry Tools, Task Manager, CMD and Run. After that, it encrypts files and assigns a unique key to each file that’s encrypted. Then, victims are sent a ransom note which says:

“All your files are encrypted with strong chiphers [sic]. Decrypting of your files is only possible with the decryption program, which is on our secret server. Note that every 6 hours, a random file is permanently deleted. The faster you are, the less files you will lose. Also, in 96 hours, the key will be permanently deleted and there will be no way of recovering your files. To receive your decryption program contact one of the emails: 1. m4n14k@sigaint[.]org 2. blackone@sigaint[.]org. Just inform your identification ID and we will give you next instruction. Your personal identification ID:”

It isn’t known if the ransomware has claimed any victims yet, but it’s important to install powerful anti-ransomware software to avoid these attacks.
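For defenders, the disabling of Registry Tools, Task Manager, CMD and Run described above can be checked for in an exported registry file. The following is an added example, not code from the article or from CryPy: it assumes the tools are disabled through the standard Windows policy values (the article does not say which values CryPy writes), and the sample input is constructed.

```python
import re

# Standard Windows policy values that switch off the four tools the article names.
# Assumption: the article does not say which registry values CryPy writes.
POLICY_VALUES = {  # value name (lowercase) -> (key suffix, tool)
    "disabletaskmgr": (r"\software\microsoft\windows\currentversion\policies\system", "Task Manager"),
    "disableregistrytools": (r"\software\microsoft\windows\currentversion\policies\system", "Registry Tools"),
    "disablecmd": (r"\software\policies\microsoft\windows\system", "CMD"),
    "norun": (r"\software\microsoft\windows\currentversion\policies\explorer", "Run"),
}
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample in .reg export syntax (not taken from a real infection).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000000
"NoDriveTypeAutoRun"=dword:00000091
'''

def find_disabled_tools(reg_text):
    """Return sorted (tool, key, value name, data) for policy values set nonzero."""
    findings, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            # "[-KEY]" deletes a key in .reg syntax, so nothing is set under it.
            key = None if m.group(1) else m.group(2)
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, data = m.group(1), int(m.group(2), 16)
        suffix, tool = POLICY_VALUES.get(name.lower(), (None, None))
        if tool and data != 0 and key.lower().endswith(suffix):
            findings.append((tool, key, name, data))
    return sorted(findings)

if __name__ == "__main__":
    for tool, key, name, data in find_disabled_tools(SAMPLE_REG):
        print(f"{tool} disabled: {key}\\{name} = {data}")
```

Files written by `reg export` are UTF-16 encoded, so read them with `encoding="utf-16"` before passing the text to `find_disabled_tools`.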
