A new ransomware strain written in Python called CryPy was disclosed by Avast malware analyst Jakub Kroustek. It seems that Python is getting more popular as a ransomware development language, given the recent rise of strains like PWOBot, Zimbra, HolyCrypt, and Fs0ciety Locker.
Security pros observed that while CryPy is a new strain, it's not yet a major threat like Locky, because a unique encryption key for each file is a double-edged sword: it causes performance problems and makes the strain more susceptible to disruption if you block the malicious IP address.
It is still early days for CryPy. For instance, the command & control infrastructure is still immature, but expect it to be rapidly improved. The hacked server in Israel behind CryPy was most definitely running phishing campaigns; PayPal phishing pages were discovered there.
The problem with the CryPy approach is that decryptors will never work, and that it can potentially defeat anti-ransomware software like the prototype created by researchers at the University of Florida and Villanova University in July. SecureList has an in-depth technical analysis of the new strain.
And while we are discussing new strains, EvilTwin's "Exotic Ransomware" encrypts all files, including executables.
The Exotic Ransomware is a new infection released by a malware developer going by the alias of EvilTwin or Exotic Squad. Discovered on October 12th by MalwareHunterTeam, the Exotic Ransomware encrypts ALL files on a victim's computer. That includes executables in targeted folders from %Desktop% all the way to %UserProfile%.
This ransomware is still in its early stages, but it does contain an annoying feature: targeted executable files and programs become practically unusable. Most programs are not targeted by Exotic; however, if any programs happen to be stored in the %UserProfile% folder, those are targeted and will be encrypted.