CryPy Ransomware
Posted: September 12, 2016
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for the Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 46 |
| First Seen: | September 12, 2016 |
| OS(es) Affected: | Windows |
The CryPy Ransomware is a file encryption Trojan that uses ciphers to block your computer's data while it demands a ransom fee. Free decryption assistance is not always available or risk-free, and malware researchers suggest using other ways of protecting your files that don't require breaking the CryPy Ransomware's encryption code. Even if you can't restore the ransomed content, deleting the CryPy Ransomware through appropriate anti-malware strategies will keep it from encoding or erasing any additional information.
A Trojan Giving You Something to Cry About
Many threat authors are moving to a business model based on renting their products out to third parties that configure individual variants of the threatening software. However, not all threat developers have abandoned the concept of self-contained Trojans that do not recycle previously known code. The CryPy Ransomware shows that even independent Trojans retain capabilities on par with those of infamous families like Crysis (which, despite the similar name, is completely unrelated).
The CryPy Ransomware is written in Python, a relatively rare trait that it shares with the Zimbra Ransomware and the HolyCrypt Ransomware. The CryPy Ransomware scans your drives for media to encrypt, such as images, audio or documents, and uses an AES-256 algorithm for encrypting the data. The technique malware experts single out as particularly unusual is how the CryPy Ransomware protects its encryption: for every single file, it obtains a randomized 32-character password through communications with its Command & Control (C&C) server, which hinders decryption attempts but also has the side effect of slowing the encryption routine drastically.
The Trojan also renames the files (with randomized characters, a prepended 'CRY' tag and an appended '.cry' extension) and creates a text ransom message. In addition to soliciting cash payments in exchange for a decryption service that will restore your files, the CryPy Ransomware also threatens to delete one file every six hours that the ransom is unpaid.
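The two traits just described, the 'CRY' plus '.cry' renaming convention and the slow, per-file keying, give a defender something to look for. The following triage script is an added example (not code from the original write-up) that groups a file listing by directory, flags names matching the rename pattern, and reports directories where intact media sits next to renamed files, which is where the routine may still be running; the alphabet and length of the random characters and the list of targeted extensions are assumptions.

```python
import os
import re
from collections import defaultdict

# Rename pattern from the write-up: 'CRY' tag prepended, random characters,
# '.cry' appended. Alphabet and length of the random part are not on the page,
# so alphanumerics of any length is an assumption.
CRYPY_NAME = re.compile(r"^CRY[A-Za-z0-9]+\.cry$")
# Targeted media per the write-up (images, audio, documents); list is assumed.
TARGET_EXTS = {".jpg", ".png", ".mp3", ".wav", ".doc", ".docx", ".pdf", ".txt"}

def classify_paths(paths):
    """Per directory: names already renamed by CryPy vs. still-intact targets."""
    per_dir = defaultdict(lambda: {"renamed": [], "intact": []})
    for path in paths:
        directory, name = os.path.split(path)
        if CRYPY_NAME.match(name):
            per_dir[directory]["renamed"].append(name)
        elif os.path.splitext(name)[1].lower() in TARGET_EXTS:
            per_dir[directory]["intact"].append(name)
    return dict(per_dir)

def triage(paths):
    """Scope the damage: a directory holding both renamed and intact targets
    suggests the slow per-file routine is still running and worth stopping."""
    summary = {"renamed_total": 0, "complete": [], "in_progress": []}
    for directory, groups in sorted(classify_paths(paths).items()):
        renamed, intact = len(groups["renamed"]), len(groups["intact"])
        summary["renamed_total"] += renamed
        if renamed and intact:
            summary["in_progress"].append(directory)
        elif renamed:
            summary["complete"].append(directory)
    return summary

def scan_tree(root):
    """Walk a live directory tree and triage every file found."""
    return triage(os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs)

# Constructed sample listing (not real data): one directory fully renamed,
# one where encryption appears to be partway through.
SAMPLE_PATHS = [
    "C:/Users/alice/Pictures/CRYa8f3k2.cry",
    "C:/Users/alice/Pictures/CRYz91qwe.cry",
    "C:/Users/alice/Documents/CRYb7c6d5.cry",
    "C:/Users/alice/Documents/report.docx",
    "C:/Windows/System32/kernel32.dll",
]
if __name__ == "__main__":
    print(triage(SAMPLE_PATHS))
```

Point `scan_tree()` at a user profile to run the same triage on a live machine; a non-empty `in_progress` list is the cue to isolate the host and stop the process before more files are touched.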
Kicking a Turtle of a Trojan out of the Ransomware Race
The CryPy Ransomware's unusual data enciphering methodology has both advantages and drawbacks for attackers and victims alike. Although the CryPy Ransomware may be slower to complete its attack and, therefore, easier to stop with PC security tools or user intervention before it damages anything, the CryPy Ransomware also protects itself against typical decoding techniques. Its appearance in the wild reinforces what malware experts already stress: the value of keeping backups that protect your digital content against any damage to the individual copies.
Samples of the CryPy Ransomware are only traceable back as far as early September. Its distribution methods are unidentified. Some of the most common means of installing file-encrypting Trojans like the CryPy Ransomware consist of targeted hacking attempts against server accounts using bad passwords, drive-by downloads delivered via exploit kits, and e-mail attachments hiding their Trojan droppers as some form of documentation (in most scenarios, fake package invoices or financial notifications).
Updated anti-malware protection can block all of the above threats, or identify and delete the CryPy Ransomware before its attack has time to finish. If nothing else, the CryPy Ransomware proves that even the slowest Trojan can become surprisingly deft at self-evolution, and equally intractable as a threat to your PC.