CryPy ransomware assigns a unique key to each encrypted file

By: Costea Lestoc

When evil hackers are bored, they don’t stop until they find new ways to do harm and make money off their victims’ backs. A new threat is sowing fear among Internet users: a ransomware variant dubbed “CryPy”, written in Python. Unlike other malware, it assigns a unique key to each file it encrypts on the victim’s system, and the files are very hard to decrypt.

We’ve been warned about the existence of CryPy by AVG researcher Jakub Kroustek, who posted on his Twitter account that this ransomware was spotted in the wild. It seems that CryPy is composed of two files: boot_common.py, which is used for error-logging on Windows, and encryptor.py, which is the locker and contains a number of functions. It also seems that a web server in Israel was compromised through a vulnerability in a content management system (Magento), and that hackers used the server for phishing attacks.

It is believed that behind these attacks are some Hebrew-speaking developers, who were able to steal PayPal credentials and then forward them to a remote server in Mexico that has a different content management system but the same file upload technique. As for CryPy, once it infects a system, it disables features that are usually used to terminate malware, such as Registry Tools, Task Manager, CMD and Run. After that, it encrypts files, assigning a unique key to each file it encrypts. Then, victims are sent a ransom note which says:

“All your files are encrypted with strong chiphers [sic]. Decrypting of your files is only possible with the decryption program, which is on our secret server. Note that every 6 hours, a random file is permanently deleted. The faster you are, the less files you will lose. Also, in 96 hours, the key will be permanently deleted and there will be no way of recovering your files. To receive your decryption program contact one of the emails: 1. m4n14k@sigaint[.]org 2. blackone@sigaint[.]org. Just inform your identification ID and we will give you next instruction. Your personal identification ID:”

It isn’t known whether the ransomware has claimed any victims yet, but it’s important to install powerful anti-ransomware software to avoid these attacks.
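The article does not say how CryPy turns off Registry Tools, Task Manager, CMD and Run. Assuming it uses the standard per-user Windows policy values for those features, the following added example (not from the article or from CryPy's code) flags any process that sets several of them within a short window. The event format, process names and sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: the article does not say how CryPy disables these tools. These are
# the standard per-user Windows policy values for the four features it names.
CV = r"\software\microsoft\windows\currentversion\policies"
POLICY_VALUES = {
    CV + r"\system\disableregistrytools": "Registry Tools",
    CV + r"\system\disabletaskmgr": "Task Manager",
    r"\software\policies\microsoft\windows\system\disablecmd": "CMD",
    CV + r"\explorer\norun": "Run",
}

# Constructed sample events: time|process image|registry target|DWORD written
SAMPLE_EVENTS = r"""
2016-10-01 10:00:01|C:\Users\demo\AppData\Local\Temp\sample.exe|HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr|1
2016-10-01 10:00:01|C:\Users\demo\AppData\Local\Temp\sample.exe|HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools|1
2016-10-01 10:00:02|C:\Users\demo\AppData\Local\Temp\sample.exe|HKU\S-1-5-21-1\Software\Policies\Microsoft\Windows\System\DisableCMD|2
2016-10-01 10:00:02|C:\Users\demo\AppData\Local\Temp\sample.exe|HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun|1
2016-10-01 09:00:00|C:\Windows\System32\svchost.exe|HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun|1
2016-10-01 11:30:00|C:\Windows\regedit.exe|HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr|0
2016-10-01 08:00:00|C:\Tools\helpdesk.exe|HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun|1
2016-10-01 12:00:00|C:\Tools\helpdesk.exe|HKU\S-1-5-21-1\Software\Policies\Microsoft\Windows\System\DisableCMD|1
2016-10-01 16:00:00|C:\Tools\helpdesk.exe|HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr|1
"""

def detect(log_text, window=timedelta(minutes=5), threshold=3):
    """Map each process to the tools it disabled, if >= threshold within window."""
    hits = defaultdict(list)
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, image, target, value = line.split("|")
        if int(value) == 0:
            continue  # writing 0 re-enables the tool, so it is not a hit
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        for suffix, tool in POLICY_VALUES.items():
            if target.lower().endswith(suffix):
                hits[image].append((when, tool))
    alerts = {}
    for image, events in hits.items():
        events.sort()
        for start, _ in events:  # slide the window over each event time
            tools = {t for ts, t in events if timedelta(0) <= ts - start <= window}
            if len(tools) >= threshold:
                alerts[image] = sorted(tools)
                break
    return alerts
```

A single policy write, a write of 0, or the same values spread over hours stays below the threshold, which keeps routine Group Policy changes from alerting.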
