CryPy Ransomware

By GoldSparrow in Ransomware

PC security analysts have reported a new threat that has been named the CryPy Ransomware. The CryPy Ransomware is written in the Python programming language and is used to encrypt victims' files. Its operators then demand the payment of a ransom in exchange for the decryption key. The CryPy Ransomware uses AES-256 to encrypt the affected files, an encryption algorithm that has been favored by many recent threats. After the CryPy Ransomware encrypts the victim's files, it renames them. The renamed files are easy to recognize, since their names are changed by the addition of the string 'CRY' followed by a long string of random characters, ending with the file extension '.cry'. This differs from most recent ransomware Trojans, which only change the affected files' extension or occasionally add the attacker's contact email address to the files' names. The CryPy Ransomware represents a real threat to victims' files, and urgent steps must be taken to keep your data safe from threats like the CryPy Ransomware.

The Scary Tactic Used in the CryPy Ransomware Attack

The CryPy Ransomware threatens the victim with deleting a random file every six hours. After 96 hours have passed, the CryPy Ransomware ransom note claims that the decryption key will be deleted entirely, making it no longer possible to recover the files. Victims of the CryPy Ransomware are asked to email one of two email addresses to receive instructions on payment. Unfortunately, once the CryPy Ransomware encrypts your files, it is not possible to decrypt them without access to the decryption key. This is what makes ransomware Trojans so popular among con artists. Even if the CryPy Ransomware infection is removed, the damage has been done, and it is irreversible; the victim's files will remain encrypted. However, PC security analysts do not recommend that computer users pay the ransom, even if for some that may be the only recourse due to a lack of a proper backup method. In many cases, the con artists may not deliver the decryption key, deliver a key that doesn't work, attempt to install even more threats on the victim's computer or simply ask for more money. You cannot trust the creators of the CryPy Ransomware to keep their word.

The Several Unique Characteristics Presented by the CryPy Ransomware

One particular aspect of the CryPy Ransomware, apart from the fact that it is written in Python, is that it has some interesting behaviors that are not frequently seen in other ransomware Trojan attacks. The CryPy Ransomware calls its Command and Control server every time it encrypts a file. The CryPy Ransomware's server generates a random password of 32 characters for each file that the CryPy Ransomware encrypts. While this means that the CryPy Ransomware may take longer than other ransomware Trojans to carry out its attack, since the network traffic takes time, it also makes the CryPy Ransomware's key generation and attacks much more difficult for malware researchers to decipher.
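The per-file server call described above leaves a recognizable trace in endpoint telemetry: one outbound connection shortly before each file that appears with a 'CRY…' name and the '.cry' extension. The following Python detection logic is an added example, not code from this article or from the malware; the event tuple layout, the sample events, the character set and minimum length in the file-name pattern, and the thresholds are all assumptions.

```python
import re
from collections import defaultdict

# File-name shape from the article: 'CRY' + random characters + '.cry'.
# The character class and minimum length are assumptions, not from the article.
CRY_NAME = re.compile(r"(?:^|[\\/])CRY[A-Za-z0-9]{8,}\.cry$")

# Constructed sample events (not real telemetry): (seconds, pid, kind, detail)
SAMPLE_EVENTS = [
    (100.0, 4112, "net", "203.0.113.10:80"),
    (100.6, 4112, "file", r"C:\Users\a\Docs\CRYq8Zk2LmP0xT7.cry"),
    (101.0, 900, "net", "198.51.100.7:443"),
    (101.2, 900, "file", r"C:\Users\a\Downloads\report.pdf"),
    (102.1, 4112, "net", "203.0.113.10:80"),
    (102.9, 4112, "file", r"C:\Users\a\Docs\CRYx91BvT4nQe2Ra.cry"),
    (104.0, 4112, "net", "203.0.113.10:80"),
    (104.5, 4112, "file", r"C:\Users\a\Pics\CRYm3PzW8yLk0Hd5.cry"),
    (106.2, 4112, "net", "203.0.113.10:80"),
    (106.8, 4112, "file", r"C:\Users\a\Pics\CRYt7GcN2sVb6Ju1.cry"),
    (300.0, 5000, "file", r"D:\backup\CRYq8Zk2LmP0xT7.cry"),  # copy, no network
]

def flag_per_file_beaconing(events, window=5.0, min_pairs=3):
    """Return {pid: (remote, count)} for processes that repeatedly make an
    outbound connection and then write a CRY*.cry file within `window` seconds."""
    last_net = {}  # pid -> (timestamp, remote) of the latest unpaired connection
    pairs = defaultdict(lambda: defaultdict(int))  # pid -> remote -> paired files
    for ts, pid, kind, detail in sorted(events, key=lambda e: e[0]):
        if kind == "net":
            last_net[pid] = (ts, detail)
        elif kind == "file" and CRY_NAME.search(detail):
            # Consume the connection so each one pairs with at most one file.
            seen = last_net.pop(pid, None)
            if seen and ts - seen[0] <= window:
                pairs[pid][seen[1]] += 1
    flagged = {}
    for pid, remotes in pairs.items():
        remote, count = max(remotes.items(), key=lambda kv: kv[1])
        if count >= min_pairs:
            flagged[pid] = (remote, count)
    return flagged

if __name__ == "__main__":
    print(flag_per_file_beaconing(SAMPLE_EVENTS))
```

In the constructed data, the browser-like process (pid 900) and the backup copy (pid 5000) are not flagged, because neither pairs a connection with a matching file name.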

The CryPy Ransomware's ransom note, which is displayed on the victim's computer in the form of text and HTML files dropped onto the victim's hard drive as well as in the victim's Desktop image, says:

IMPORTAN INFORMATION
All your files are encrypted with strong chiphers.
Decrypting of your files is only possible with the decryption program, which is on our secret server.
Note that every 6 hours, a random file is permanently deleted. The faster you are, the less files you will lose.
Also, in 96 hours, the key will be permanently deleted and there will be no way of recovering your files.
To receive your decryption program contact one of the emails:
1. m4n14k@sigaint.org
2. blackone@sigaint.org
Just inform your identification ID and we will give you next instruction.
Your personal identification ID: CRY[redacted]
