A new strain of ransomware was recently discovered and it has a very unique feature – the ability to encrypt each file on a system with its own unique key. This new strain of ransomware is called CryPy and is written in the Python programming language. While not the first strain of ransomware written in Python, it is particularly damaging because of its ability to use different encryption keys to individual files on the victim’s system. This new encryption technique makes it extremely difficult to crack the code and decrypt the files. According to experts, CryPy’s unique encryption process may also be able to defeat anti-ransomware software.
CryPy contains two executable files. The first is a ‘boot_common.py’ which error logs the Windows platform. The second file, ‘encryptor.py’ is the executable that actually encrypts or locks the files. The hacker’s claim files will be deleted every six hours which has become more common in recent ransomware strains. Researchers believes CryPy is in the early stages of development.
CryPy seems to have originated from a compromised web server in Israel. This server allows hackers to stream data from the ransomware to the corrupt server and back again. This same server has been used in phishing attacks and contains PayPal phishing pages.