CypherPy Ransomware

The CypherPy Ransomware is an encryption ransomware Trojan. The CypherPy Ransomware, like other threats of the same type, will take victims' files hostage. To do this, the CypherPy Ransomware uses a strong encryption algorithm to make the victim's files inaccessible. The CypherPy Ransomware will then demand payment from the victims in exchange for the decryption key that is necessary to recover files affected by the attack.

The CypherPy Ransomware also can Infect PCs Running Linux

The CypherPy Ransomware is packaged in the form of a Python source file. The CypherPy Ransomware started appearing on September 28, 2017. One unique aspect of the CypherPy Ransomware is that it does not attack computers running the Windows operating system only; the CypherPy Ransomware also is capable of infecting computers running Linux. The CypherPy Ransomware, as long as the targeted system can support software written in Python, will be able to carry out its attack. The CypherPy Ransomware's main targets seem to be Web servers and websites. It is very probable that the CypherPy Ransomware is being used in coordination with other threats in its attacks. Most specifically, it is likely that Trojan droppers are being used to deliver the CypherPy Ransomware and the CypherPy Ransomware also may be part of attacks involving Remote Access Trojans (RATs), where the con artists use threats to gain access to the victim's computer remotely.

How the CypherPy Ransomware Carries out Its Attack

The study of the CypherPy Ransomware reveals that the CypherPy Ransomware uses a strong encryption method, the AES 256 encryption method, to make the victim's files inaccessible. The CypherPy Ransomware will mark the files encrypted by the attack by adding the file extension '.crypt' to the end of the file's name. Once the CypherPy Ransomware encrypts a file, it will no longer be possible to recover the affected file without the decryption key, which the on artists hold in their possession. To recover from the CypherPy Ransomware attack, it is likely that the victims will have to pay hundreds of dollars (or even thousands, depending on the profile of the encrypted data) to receive the decryption key they need to get back their affected files. Tthe CypherPy Ransomware also will disable possible recovery methods such as the System Restore points or the Shadow Volume Copies, which PC users could use to restore affected data.

The CypherPy Ransomware’s Ransom Demands and Targets

The CypherPy Ransomware delivers its ransom note in a program window named 'README' displayed on the victim's computer. The full text of the CypherPy Ransomware's ransom demand is:

'Hello, unfortunately all your personal files have been encrypted with military grade encryption and will be impossible to retrieve without acquiring the encryption key and decrypting binary. As of yet these are not available to you since the Cypher ransomware is still under construction. We thank you for your patience.
Have a nice day,
The Cypher Project.'

After studying the CypherPy Ransomware's code, PC security researchers have determined that the CypherPy Ransomware targets the files with the following file extensions:

3g2, .3gp, .asf, .asx, .avi, .flv, .m2ts, .rm, .jpg, .tar.gz, .gif, .sqlite3, .html, .txt, .tar, .jpeg, .swf, .mkv, .mov, .vob, .png, .mp3, .pyc, .php, .log, .jar, .sh, .tiff, .mp4, .wmv, .docx, .mpg, .mpeg, .pdf, .rar, .zip, .7z, .exe, .c, .sql, .bak, .bundle, .cpp, .deb, .h, .pdf.

Recovering from a CypherPy Ransomware Attack

Although it may be impossible to recover from these attacks, the password necessary to restore the affected files is embedded in the CypherPy Ransomware's code. Computer users can type the string 'prettyflypassword' in the text box that is included in the CypherPy Ransomware's ransom note. Doing this will initiate the decryption procedure. However, new versions of threats like the CypherPy Ransomware are released every day. It is very likely that the con artists will update or release a new version of this threat that uses a different password or closes this recovery loophole altogether. Because of this, computer users should take precautionary methods against these threats.

SpyHunter Detects & Remove CypherPy Ransomware