PyAesCrypt Ransomware

Posted: April 17, 2019

PyAesCrypt Ransomware Description

The PyAesCrypt Ransomware, also using the name of Marduk Ransomware, is a file-locking Trojan. It can block your media with AES encryption and stop files like documents from opening. Users should ignore the ransoming instructions until they've tested all alternate recovery options and use a trusted anti-malware brand for uninstalling the PyAesCrypt Ransomware.

A Python Snaking Closer to Your Computer

The Python programming language is becoming an enabler of another type of file-locking Trojan, long after past examples like the Dablio Ransomwar or the comparatively elderly PyCL Ransomware. Although there are some small oddities in the newer sample of the PyAesCrypt Ransomware, its payload is functional concerning its capabilities for blocking the user's content and keeping it held hostage. While it appears that it's using a simple, variant of AES encryption, malware experts can't promise that free decryption and unlocking of files will become possible to the public.

Security researchers that specialize in Russia-based threats are pointing out the first versions of the PyAesCrypt Ransomware. The Windows-based Trojan is using various names, but the majority of them are passing themselves off as DLL files. Once it gets system access, the PyAesCrypt Ransomware starts searching for text documents, pictures, and other media that it can encrypt and block. It lets victims know what files it's capturing through the appending of a '.lock' extension, similarly to the LockCrypt Ransomware and the Zyka Ransomware, although neither programs are relatives.

It's not strange that some file-locking Trojans create multiples of their ransoming messages afterward, but the PyAesCrypt Ransomware does so in an unusual way. It duplicates the same text with different numbers up to twenty times, with no differences besides the names. The threat actor's wallet, which collects 100 USD Bitcoin fees for his unlocking assistance, is empty as of April 17th – and malware experts recommend keeping it that way.

Alleviating a Serpentine Stranglehold on Media

Users could provide the security industry with samples of the PyAesCrypt Ransomware and encrypted content for determining whether a free decryptor is a practical possibility. In many cases, however, it's not, and the owners of ransom-worthy files never should keep all those files in a single, vulnerable location. File-locking Trojans are easily circumnavigable by storing your backups securely, such as by saving them to a removable USB device.

Some versions of the PyAesCrypt Ransomware's installers are distributing themselves by pretending that they're MSDaRT, which is a Microsoft diagnostics tool for Windows. Users can avoid this relatively obvious tactic by getting their Microsoft software downloads directly from an official source like and avoiding software piracy-related resources like torrents. Anti-malware programs should be identifying and deleting the PyAesCrypt Ransomware, regardless of any filename disguises.

The ransoming operations of file-locker Trojans are, by definition, outside the law, and any users buying a decryptor should remember there's no protection for fraud from the other party. The PyAesCrypt Ransomware is one of many Trojans built out of the hope that their victims will forget that essential fact.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to PyAesCrypt Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware PyAesCrypt Ransomware