CryPy ransomware assigns a unique key to each encrypted file

By: Costea Lestoc
2 minute read

When evil hackers are bored, they don’t stop until they find new ways to do harm and make money off their victims’ backs. A new threat is sowing fear among Internet users, and it’s a ransomware variant dubbed “CryPy”, which was written in the Python language. Unlike other malware, it assigns a unique key to each file that’s encrypted on the victim’s system and it’s very hard to decrypt it.

We’ve been warned about the existence of CryPy by AVG researcher, Jakub Kroustek, who posted on his Twitter account that this ransomware was spotted in the wild. It seems that CryPy is composed of two files: boot_common.py, which is used for error-logging on Windows and encryptor.py, which is the locker and contains a number of functions. It seems that there’s a web server in Israel, which was compromised using a vulnerability in a content management (Magento) and hackers used the server for phishing attacks.

It is believed that behind these attacks are some Hebrew-speaking developers, who were able to steal Paypal credentials and then forward them to a remote server in Mexico containing different content management, but the same file upload technique. As for CryPy, once it infects a system, it disables features that usually terminate malware, such as Registry Tools, Task Manager, CMD and Run. After that, it encrypts files and it assigns a unique key for each file that’s encrypted. Then, victims are sent a ransom note which says:

“All your files are encrypted with strong chiphers [sic]. Decrypting of your files is only possible with the decryption program, which is on our secret server. Note that every 6 hours, a random file is permanently deleted. The faster you are, the less files you will lose. Also, in 96 hours, the key will be permanently deleted and there will be no way of recovering your files. To receive your decryption program contact one of the emails: 1. m4n14k@sigaint[.]org 2. blackone@sigaint[.]org. Just inform your identification ID and we will give you next instruction. Your personal identification ID:”

It isn’t known if the ransomware has made any victims yet, but it’s important to install powerful anti-ransomware software, to avoid these attacks.

RELATED STORIES TO CHECK OUT:

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patended Technologies (requires upgrade).

Discussions

Next up

Best Windows 10 antivirus software to use in 2018

By: Radu Tyrsina
7 minute read

Update – 2018 will soon come to an end and we already have a guide on what is the best antivirus you should get in […]

Continue Reading

These features are out for good with Windows 10 version 1809

iamsovy@gmail.com' By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading

Windows 10 18H2 builds no longer receive new features

By: Matthew Adams
3 minute read

The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]

Continue Reading