• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • April 23rd, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Security
Malware

CryPy Ransomware Encrypts Each File Individually with a Special Key

October 15th, 2016 Uzair Amir Security, Malware 0 comments
CryPy Ransomware Encrypts Each File Individually with a Special Key
Share on FacebookShare on Twitter
New Ransomware CryPy Can Encrypt Each File Individually with a Special Key — The C&C of this ransomware is hosted on a hacked Israeli server.

Isn’t this surprising that there is a new strain of ransomware that uses a different key whenever it encrypts a file? This ransomware has been written in Python and needless to say, it has helped the encryption game reach a new high by encrypting every file present on the victim’s computer with a unique key.

MUST READ: THE NASTIEST OF ALL RANSOMWARE MAMBA ENCRYPTS HARD DRIVE

Aptly titled CryPy , this ransomware isn’t the first or only one written in Python programming language. Remember, because Zimbra, HolyCrypt and Fs0ciety Locker are also written in the same language. Yet, the reason why CryPy stands out is that it encrypts files on a system individually and that too, with a unique key for every file. This obviously makes data decryption very difficult.

The ransomware was identified by Kaspersky researchers while looking for a particular security flaw, which allows attackers to upload and implement a PHP Shell Script to an exploitable Israeli web server, in the Magento Content Management System. This server serves as the command and control center for CryPy while the data is transferred in clear text format to the server. This allows attackers to carry out man-in-the-middle attacks as well as insert additional PHP scripts. These scripts then instruct the CryPy ransomware to invade the targeted computer(s). Moreover, this command and control server can be used to carry out phish attacks too as it contains PayPal phishing pages.

#Python #ransomware #CryPy retrieves encryption key and new filename for each file from CnC. https://t.co/RjtxuMg4r9 pic.twitter.com/FgINNyfb2v

— Jakub Kroustek (@JakubKroustek) September 9, 2016

Kaspersky researchers believe that the designers of this ransomware could be Hebrew-speaking. The team identified that CryPy has two main files namely boot_common.py and encryptor.py. The first one error logs on Windows OS and the second one is the main locker. After the computer has been infected the Registry Tools are the first to be disabled by CryPy and then the focus is shifted to Task Manager, Run and CMD. Afterward, boot status policy and recovery tools are disabled. When the disabling function has been performed successfully, the malware begins encrypting the files using a different encryption key for each file.

When the malware finishes locking of system and data encryption, the threat actor sends commands to inform the victims of the attack and to contact through email to pay for the decryption program. If the victims do as directed and contact the attacker via email, they are provided with a sample decryption key with which they can decrypt some of the files for free. This is the attacker’s strategy to build trust and force the victims into paying the ransom to get full decryption program.

crypy-ransomware-encrypts-each-file-individually-with-a-special-key

CryPy ransomware README file

ALSO READ: 7 CASES WHEN VICTIMS PAID RANSOM TO STOP CYBER ATTACKS

[fullsquaread][/fullsquaread]

RELATED: THIS RANSOMWARE EXPOSES USERS’ LOCATION DATA ON THE INTERNET

According to Kaspersky researchers, currently, this ransomware is in the initial stages of its development because they feel that it has failed to encrypt files since the time its designer changed the server. Furthermore, the malware hasn’t been updated as well.

  • Tags
  • Cyber Crime
  • Encryption
  • hacking
  • internet
  • Malware
  • Ransomware
  • security
  • Windows
Facebook Twitter LinkedIn Pinterest
Previous article Man Accused of Terrorism Over Encrypting his Blog Site
Next article Dangerous Pork Explosion backdoor found in Android Devices
Uzair Amir

Uzair Amir

I am an Electronic Engineer, an Android Game Developer and a Tech writer. I am into music, snooker and my life motto is 'Do my best, so that I can't blame myself for anything.'

Related Posts
Hacked Android phones mimicked connected TV products for fake ad views

Hacked Android phones mimicked connected TV products for fake ad views

Signal CEO hacks Cellebrite cellphone hacking, cracking tool

Signal CEO hacks Cellebrite cellphone hacking, cracking tool

Play Store apps plagued with malware have 700,000 downloads

Play Store apps plagued with malware have 700,000 downloads

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Hacked Android phones mimicked connected TV products for fake ad views
Cyber Crime

Hacked Android phones mimicked connected TV products for fake ad views

Signal CEO hacks Cellebrite cellphone hacking, cracking tool
Hacking News

Signal CEO hacks Cellebrite cellphone hacking, cracking tool

Play Store apps plagued with malware have 700,000 downloads
Security

Play Store apps plagued with malware have 700,000 downloads

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us