
CryPy Ransomware

Posted: September 12, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 46
First Seen: September 12, 2016
OS(es) Affected: Windows

The CryPy Ransomware is a file-encryption Trojan that encrypts your computer's data and demands a ransom fee. Free decryption assistance is not always available or risk-free, and malware researchers suggest protecting your files in ways that don't require breaking the CryPy Ransomware's encryption. Even if you can't restore the ransomed content, deleting the CryPy Ransomware with appropriate anti-malware strategies will keep it from encrypting or erasing any additional information.

A Trojan Giving You Something to Cry About

Many threat authors are moving to a business model based on renting their products out to third parties, who configure individual variants of the threatening software. However, not all threat developers have abandoned self-contained Trojans that don't recycle previously-known code. The CryPy Ransomware shows that even independent Trojans retain capabilities on par with those of infamous families like Crysis (which, despite the similar name, is completely unrelated).

The CryPy Ransomware is written in Python, a semi-rare trait that it shares with the Zimbra Ransomware and the HolyCrypt Ransomware. The CryPy Ransomware scans your drives for media to encrypt, such as images, audio or documents, and uses the AES-256 algorithm to encrypt the data. The technique malware experts single out as particularly unusual is how the CryPy Ransomware protects its encryption: it obtains a randomized 32-character password through its C&C server communications, which frustrates decryption attempts. The CryPy Ransomware does this for every single file, which also has the side effect of slowing the encryption routine drastically.
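Fetching a fresh password from the C&C server for every file means an infected host opens a long run of outbound connections to one destination while the encryption routine runs. The script below is an added example, not code from the page or from the Trojan, that shows how a defender could pick that pattern out of ordinary firewall logs with a sliding-window count per (source, destination) pair. The log format, the 60-second window, the threshold of 20 connections, the host addresses and the TEST-NET destination are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not taken from the page):
# "<ISO timestamp> src=<ip> dst=<ip>:<port> action=<allow|deny>"
LINE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) action=(?P<action>\S+)$")


def parse_lines(lines):
    """Yield (timestamp, src, dst) for allowed connections; skip unparsable lines."""
    for line in lines:
        m = LINE.match(line.strip())
        if m and m["action"] == "allow":
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"]


def flag_beaconing(lines, window_s=60, threshold=20):
    """Return {(src, dst): first_alert_time} for pairs that open at least
    `threshold` connections inside any `window_s`-second sliding window.
    Lines must already be in timestamp order; window and threshold are
    assumed tuning values, not figures from the page."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, src, dst in parse_lines(lines):
        q = recent[(src, dst)]
        q.append(ts)
        # drop connections that have aged out of the window
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and (src, dst) not in flagged:
            flagged[(src, dst)] = ts
    return flagged


def build_sample_log():
    """Constructed sample: one host reconnects every 2 s (as a per-file key
    fetch would), another makes three ordinary connections and one denied one."""
    base = datetime(2016, 9, 12, 10, 0, 0)
    lines = [
        f"{(base + timedelta(seconds=2 * i)).isoformat()} src=10.0.0.5 dst=198.51.100.7:443 action=allow"
        for i in range(60)
    ]
    lines += [
        f"{(base + timedelta(seconds=s)).isoformat()} src=10.0.0.9 dst=198.51.100.7:443 action=allow"
        for s in (5, 40, 95)
    ]
    lines.append(f"{(base + timedelta(seconds=7)).isoformat()} src=10.0.0.9 dst=203.0.113.4:80 action=deny")
    return sorted(lines)


if __name__ == "__main__":
    for (src, dst), when in flag_beaconing(build_sample_log()).items():
        print(f"{when.isoformat()} {src} -> {dst}: connection burst, investigate host")
```

A rule this coarse will also fire on legitimate chatty software, so it belongs in triage rather than automated blocking; its value is that it alerts while the slow, file-by-file routine is still in progress, which is exactly the window in which stopping the process saves data.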

The Trojan also renames the files (with randomized characters, a prepended 'CRY' tag and an appended '.cry' extension) and creates a text ransom note. In addition to soliciting cash payments in exchange for a decryption service that will restore your files, the CryPy Ransomware also threatens to delete one file every six hours that the ransom goes unpaid.
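The rename scheme above is a usable indicator for incident responders: any file carrying the 'CRY' prefix and '.cry' extension is a candidate, and a byte-entropy check tells a genuinely encrypted payload apart from a file that was merely renamed. The following script is an added example, not the page's or the Trojan's own code. The alphabet of the random name segment, the 7.5 bits-per-byte entropy cut-off and the sample directory it builds are all assumptions.

```python
import math
import os
import random
import re
import tempfile
from collections import Counter

# File-name marker described on the page: a prepended 'CRY' tag, randomized
# characters and an appended '.cry' extension. The alphabet and length of the
# random part are not given on the page, so [A-Za-z0-9]+ is an assumption.
CRY_NAME = re.compile(r"^CRY[A-Za-z0-9]+\.cry$")

# AES-encrypted bytes approach 8 bits/byte of Shannon entropy; documents, plain
# text and most media headers sit well below this. The cut-off is an assumption.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str, sample_size: int = 65536) -> bool:
    """Read the first sample_size bytes and compare their entropy to the cut-off."""
    with open(path, "rb") as fh:
        return shannon_entropy(fh.read(sample_size)) >= ENTROPY_THRESHOLD


def find_cry_artifacts(root: str) -> list[tuple[str, bool]]:
    """Walk root and list (relative path, high_entropy) for every file whose
    name matches the CryPy rename pattern."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if CRY_NAME.match(name):
                full = os.path.join(dirpath, name)
                hits.append((os.path.relpath(full, root), looks_encrypted(full)))
    return sorted(hits)


def build_demo_tree() -> str:
    """Create a constructed sample directory (not real CryPy output) for the demo."""
    root = tempfile.mkdtemp(prefix="crypy-demo-")
    rng = random.Random(1)  # seeded so the demo is reproducible
    samples = {
        "CRYa1b2c3d4.cry": rng.randbytes(4096),         # renamed and high-entropy
        "CRYplain99.cry": b"quarterly report\n" * 200,  # renamed but still readable
        "report.docx": b"quarterly report\n" * 200,     # untouched document
        "notes.txt": b"todo list\n" * 50,               # untouched text
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for rel, high in find_cry_artifacts(build_demo_tree()):
        verdict = "encrypted payload likely" if high else "low entropy, inspect manually"
        print(f"{rel}: {verdict}")
```

Running it against a real mount is a matter of passing the mount point to find_cry_artifacts; the entropy sample is limited to the first 64 KiB so a scan across a large share stays fast. Files that match the name but score low are worth a manual look, since they may have been renamed by the Trojan before its encryption step completed.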

Kicking a Turtle of a Trojan out of the Ransomware Race

The CryPy Ransomware's unusual enciphering methodology has both positives and drawbacks for remote attackers and victims alike. Although the CryPy Ransomware may be slower to complete its attack and, therefore, easier to stop with PC security tools or user intervention before it damages anything, the CryPy Ransomware also protects itself against typical decoding techniques. Its appearance in the wild reinforces what malware experts already stress: the value of keeping backups that protect your digital content against damage to any individual copy.

Samples of the CryPy Ransomware are only traceable back as far as early September. Its distribution methods are unidentified. Some of the most common means of installing file-encrypting Trojans like the CryPy Ransomware are targeted hacking attempts against server accounts with weak passwords, drive-by downloads delivered by exploit kits, and e-mail attachments hiding their Trojan droppers as some form of documentation (in most scenarios, fake package invoices or financial notifications).

Updated anti-malware protection can block all of the above threats, or identify and delete the CryPy Ransomware before its attack has time to finish. If nothing else, the CryPy Ransomware shows that even the slowest Trojan can be surprisingly inventive in its design, and just as intractable a threat to your PC.
