CryPy ransomware assigns a unique key to each encrypted file

By: Costea Lestoc

When evil hackers are bored, they don’t stop until they find new ways to do harm and make money off their victims’ backs. A new threat is sowing fear among Internet users: a ransomware variant dubbed “CryPy”, written in Python. Unlike most other ransomware, it assigns a unique key to each file it encrypts on the victim’s system, which makes recovery of the files very hard.

We were warned about the existence of CryPy by AVG researcher Jakub Kroustek, who posted on his Twitter account that this ransomware had been spotted in the wild. CryPy appears to consist of two files: boot_common.py, which handles error logging on Windows, and encryptor.py, which is the locker and contains a number of functions. A web server in Israel appears to have been compromised through a vulnerability in its content management system (Magento), and the attackers used that server for phishing attacks.

It is believed that Hebrew-speaking developers are behind these attacks; they were able to steal PayPal credentials and forward them to a remote server in Mexico that runs a different content management system but was abused through the same file-upload technique. As for CryPy, once it infects a system it disables features that are usually used to terminate malware, such as Registry Tools, Task Manager, CMD and Run. It then encrypts files, assigning a unique key to each encrypted file. Finally, victims are shown a ransom note which says:

“All your files are encrypted with strong chiphers [sic]. Decrypting of your files is only possible with the decryption program, which is on our secret server. Note that every 6 hours, a random file is permanently deleted. The faster you are, the less files you will lose. Also, in 96 hours, the key will be permanently deleted and there will be no way of recovering your files. To receive your decryption program contact one of the emails: 1. m4n14k@sigaint[.]org 2. blackone@sigaint[.]org. Just inform your identification ID and we will give you next instruction. Your personal identification ID:”

It isn’t known whether the ransomware has claimed any victims yet, but it’s important to install capable anti-ransomware software to avoid these attacks.
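The lockout behaviour described above (disabling Registry Tools, Task Manager, CMD and Run) leaves a detectable trace: on Windows those tools are switched off through well-known policy registry values. The following added example, which is not CryPy code nor part of the original article, runs simple detection logic over constructed Sysmon-style registry events (Event ID 13, value set) and flags any process that sets two or more of these lockout values; the process paths and SID are made up.

```python
"""Flag processes that disable Task Manager, Registry Tools, CMD or Run.

Added example, not code from the article or from the malware. Input records
are constructed to resemble Sysmon Event ID 13 (registry value set) entries.
"""
import re
from collections import defaultdict

# Documented Windows policy values; a DWORD of 1 disables the named tool.
LOCKOUT_VALUES = {
    r"Policies\System\DisableTaskMgr": "Task Manager",
    r"Policies\System\DisableRegistryTools": "Registry Tools",
    r"Policies\Microsoft\Windows\System\DisableCMD": "CMD",
    r"Policies\Explorer\NoRun": "Run dialog",
}

DWORD_RE = re.compile(r"DWORD \(0x([0-9a-fA-F]{8})\)")  # Sysmon "Details" format


def lockout_feature(target_object):
    """Return the tool a registry path disables, or None if it is not a lockout value."""
    for suffix, feature in LOCKOUT_VALUES.items():
        if target_object.lower().endswith(suffix.lower()):
            return feature
    return None


def dword_value(details):
    """Parse the DWORD out of a Sysmon Details string; None if it is not a DWORD."""
    m = DWORD_RE.search(details)
    return int(m.group(1), 16) if m else None


def find_lockout_processes(events, threshold=2):
    """Group lockout writes (value == 1) by process image; report those at/above threshold."""
    hits = defaultdict(set)
    for ev in events:
        feature = lockout_feature(ev["target_object"])
        if feature is not None and dword_value(ev["details"]) == 1:
            hits[ev["image"]].add(feature)
    return {image: sorted(f) for image, f in hits.items() if len(f) >= threshold}


POLICY = r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Policies"
LOCKER = r"C:\Users\victim\AppData\Local\Temp\locker.exe"  # constructed path
SAMPLE_EVENTS = [  # constructed telemetry, not real
    {"image": LOCKER, "target_object": POLICY + r"\System\DisableTaskMgr", "details": "DWORD (0x00000001)"},
    {"image": LOCKER, "target_object": POLICY + r"\System\DisableRegistryTools", "details": "DWORD (0x00000001)"},
    {"image": LOCKER, "target_object": r"HKU\S-1-5-21-1000\Software\Policies\Microsoft\Windows\System\DisableCMD", "details": "DWORD (0x00000001)"},
    {"image": LOCKER, "target_object": POLICY + r"\Explorer\NoRun", "details": "DWORD (0x00000001)"},
    # An admin tool re-enabling Task Manager (value 0) must not be flagged.
    {"image": r"C:\Windows\System32\reg.exe", "target_object": POLICY + r"\System\DisableTaskMgr", "details": "DWORD (0x00000000)"},
    # An ordinary autorun entry is not a lockout value.
    {"image": r"C:\Program Files\Example\app.exe", "target_object": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\app", "details": r"C:\Program Files\Example\app.exe"},
]

if __name__ == "__main__":
    for image, features in find_lockout_processes(SAMPLE_EVENTS).items():
        print(f"{image} disabled: {', '.join(features)}")
```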
