Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Python Ransomware Uses A Unique Key For Each File That Is Encrypted

    Python CryPy RansomwareA new ransomware strain written in Python called CryPy was disclosed by Avast malware analyst Jakub Kroustek. It seems that Pyton is getting more popular as a ransomware development language, seen the recent rise of strains like PWOBot,  Zimbra, HolyCrypt, and Fs0ciety Locker.

    Security pros observed that while CryPy is a new strain, it's not yet a major threat like Locky, as a unique encryption key for each file is a double-edged sword - it causes performance problems and is more susceptible to disruption if you block the malicious IP address.

    It is still early days for CryPy, for instance the command & control infrastructure is still immature, but expect it to be rapidly improved. The hacked server in Israel behind CryPry was most definitely running phishing campaigns, Paypal phishing pages were discovered there.

    The problem with the CryPy approach is that decryptors will never work, and can potentially defeat anti-ransomware software like the prototype created by researchers at the University of Florida and Villanova University in July. SecureList has an in depth technical analysis of the new strain.

    And while we are discussing new strains, EvilTwin's "Exotic Ransomware" encrypts all files including executables

    The Exotic Ransomware is a new infection released by a malware developer going by the alias of EvilTwin or Exotic Squad. Discovered on October 12th by MalwareHunterTeam, the Exotic Ransomware encrypts ALL files on a victim's computer. That includes executables in targeted folders from %Desktop% all the way to %UserProfile%.

    This ransomware is still in its early stages, but it does contain an annoying feature. Targeted executable files and prorams become practically unusable. Most programs are not targeted by Exotic, however if any programs happen to be stored in the %UserProfile% folder, those are targeted and will be encrypted. 

    Ransomware Hostage Rescue Manual

    Get the most complete Ransomware Manual packed with actionable info that you need to have to prevent infections, and what to do when you are hit with ransomware.

    Download Here

    If you do not like to click on buttons with redirects, cut/paste this link in your browser:

    https://info.knowbe4.com/ransomware-hostage-rescue-manual-0

     

     

    Return To KnowBe4 Security Blog

    Topics: Ransomware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews