CryPy ransomware assigns a unique key to each encrypted file

By: Costea Lestoc

When evil hackers are bored, they don’t stop until they find new ways to do harm and make money off their victims’ backs. A new threat is sowing fear among Internet users: a ransomware variant dubbed “CryPy”, written in Python. Unlike other malware, it assigns a unique key to each file it encrypts on the victim’s system, which makes the files very hard to decrypt.

We’ve been warned about the existence of CryPy by AVG researcher Jakub Kroustek, who posted on his Twitter account that this ransomware was spotted in the wild. CryPy appears to consist of two files: boot_common.py, which is used for error logging on Windows, and encryptor.py, which is the locker and contains a number of functions. It seems that a web server in Israel was compromised through a vulnerability in a content management system (Magento), and hackers used the server for phishing attacks.

It is believed that behind these attacks are some Hebrew-speaking developers, who were able to steal PayPal credentials and then forward them to a remote server in Mexico, which ran a different content management system but showed the same file upload technique. As for CryPy, once it infects a system, it disables features that are usually used to terminate malware, such as Registry Tools, Task Manager, CMD and Run. After that, it encrypts files, assigning a unique key to each one. Then, victims are sent a ransom note which says:

“All your files are encrypted with strong chiphers [sic]. Decrypting of your files is only possible with the decryption program, which is on our secret server. Note that every 6 hours, a random file is permanently deleted. The faster you are, the less files you will lose. Also, in 96 hours, the key will be permanently deleted and there will be no way of recovering your files. To receive your decryption program contact one of the emails: 1. m4n14k@sigaint[.]org 2. blackone@sigaint[.]org. Just inform your identification ID and we will give you next instruction. Your personal identification ID:”

It isn’t known whether the ransomware has claimed any victims yet, but it’s important to install powerful anti-ransomware software to avoid these attacks.
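
The step in which CryPy disables Registry Tools, Task Manager, CMD and Run is something defenders can watch for before any file is encrypted. The detection logic below is an added example, not code from CryPy or from the research cited above. It assumes those features are switched off through the standard Windows per-user policy values (the article does not name the keys CryPy writes), and the event fields, process paths and sample events are constructed.

```python
from collections import defaultdict

# Standard per-user Windows policy values that turn off the four features the
# article lists. Assumption: the article does not say which keys CryPy writes.
POLICY_VALUES = {
    r"software\microsoft\windows\currentversion\policies\system\disableregistrytools": "Registry Tools",
    r"software\microsoft\windows\currentversion\policies\system\disabletaskmgr": "Task Manager",
    r"software\policies\microsoft\windows\system\disablecmd": "CMD",
    r"software\microsoft\windows\currentversion\policies\explorer\norun": "Run",
}

def feature_for(target):
    """Map a registry value path to the feature it disables, or None."""
    path = target.lower()
    for suffix, feature in POLICY_VALUES.items():
        if path.endswith(suffix):
            return feature
    return None

def find_lockdowns(events, window=60, threshold=3):
    """Return [(image, features)] for each process that disables at least
    `threshold` distinct features within `window` seconds."""
    hits = defaultdict(list)  # image -> [(time, feature)]
    for ev in events:
        feature = feature_for(ev["target"])
        # A nonzero DWORD switches the restriction on; 0 lifts it.
        if feature and ev["value"] != 0:
            hits[ev["image"]].append((ev["time"], feature))
    alerts = []
    for image, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            feats = {f for t, f in seen[i:] if t - start <= window}
            if len(feats) >= threshold:
                alerts.append((image, sorted(feats)))
                break
    return alerts

# Constructed sample events; field names and process paths are hypothetical.
HKU = r"HKU\S-1-5-21-0-0-0-1001" + "\\"
POL = HKU + r"Software\Microsoft\Windows\CurrentVersion\Policies" + "\\"
SAMPLE_EVENTS = [
    {"time": 10, "image": r"C:\Tools\kiosk-setup.exe", "target": POL + r"System\DisableTaskMgr", "value": 1},
    {"time": 100, "image": r"C:\Temp\sample.exe", "target": POL + r"System\DisableRegistryTools", "value": 1},
    {"time": 101, "image": r"C:\Temp\sample.exe", "target": POL + r"System\DisableTaskMgr", "value": 1},
    {"time": 102, "image": r"C:\Temp\sample.exe", "target": HKU + r"Software\Policies\Microsoft\Windows\System\DisableCMD", "value": 1},
    {"time": 103, "image": r"C:\Temp\sample.exe", "target": POL + r"Explorer\NoRun", "value": 1},
    {"time": 500, "image": r"C:\Tools\helpdesk.exe", "target": POL + r"Explorer\NoRun", "value": 0},
]
```

Requiring several distinct features from one process inside a short window keeps a single legitimate policy change, such as a kiosk setup disabling Task Manager, from raising an alert.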
