En grim virus, kaldet CryPy, rapporteret at bruge Python sproget for det script er blevet opdaget af malware forskere, med AES-256 cipher at kode filer. The encryptes files by this virus have the .cry file extension and in addition to that, the ransomware also changes the file names with random numbers, beginning with the CRY initials. After it’s encryption process is complete, CryPy malware drops a ransom note, called README_FOR_DECRYPT.txt. I dette notat, the virus also notifies that it will randomly delete a file every 6 hours if a ransom payoff to the cyber-criminals has not been made to restore the files. Anyone whose computer has been attacked by this devastating ransomware virus should not pay any ransom money and immediately remove the CryPy virus using the instructions in this article to avoid further file deletion. Endvidere, stedet for at betale løsesummen, you can counter attack it and try to restore your files using alternative methods such as the ones suggested below.
Follow this article for more information to be updated soon.
|Kort beskrivelse||Den malware krypterer brugernes filer ved hjælp af en stærk kryptering algoritme, making direct decryption possible only via a unique decryption key for each file available to the cyber-criminals.|
|Symptomer||CryPy Ransomware leaves a “README_FOR_DECRYPT.txt” ransom note and may delete random files from your computer if the terms in the note are not met. Ændret filnavne og de forskellige fil extensions kan anvendes.|
|Værktøj Detection|| See If Your System Has Been Affected by CryPy |
Værktøj til fjernelse af malware
|Brugererfaring||Tilmeld dig vores forum til Discuss CryPy Ransomware.|
|Data Recovery Tool||Windows Data Recovery af Stellar Phoenix Varsel! Dette produkt scanner dine drev sektorer til at gendanne mistede filer, og det kan ikke komme sig 100% af de krypterede filer, men kun få af dem, afhængigt af situationen og uanset om du har omformateret drevet.|
CryPy Ransomware – How Does It Perform an Infection
This devastating threat is strongly believed to use a combination of tools that conceal it from any firewall and most conventional antivirus programs on a victim computer. One of those tools may be a malicious e-mail attachment tricking the user into opening it. Such attachments may be fake .PDF or Microsoft Office documents that when opened can cause the infection. The documents seem to be from a legitimate sender, and the e-mail aims to convince the user that they are of an important nature.
But attachments may not be the only method for spreading malicious files. Malicious web links posted on social media and other websites are also reported to cause infections by a drive-by-download after a malicious browser redirect. Such malicious web sites may be presented to the user in the form of an advertisement(malvertising) that is displayed as a pop-up or a direct browser redirect as a result of adware (PUP) installed on the victim’s computer.
CryPy Ransomware In Detail
When CryPy ransomware Is activated on the computer of it’s victim, the ransomware virus is believed to perform several different activities, to collect information about the compromised system and send it to the C&C servere af viruset.
Then the CryPy virus may drop it’s payload by contacting its server and downloading it from there. The payload may be one or more files of the following file types:
After the payload of CryPy has been dropped, the virus may begin to modify numerous of settings, such as modify the Windows Registry Editor so that the malicious executables run on system startup. The usually targeted registry keys for this are:
Efter dette er blevet gennemført, the Virus may begin to encrypt the files on the compromised computer. It may scan for wide variety of file extensions to encrypt but the CryPy ransomware is mainly programmed to scan for and encrypt often used types of files, såsom:
All types of documents opened with Microsoft Office, Adobe, Photoshop and other software.
As soon as the virus detects that a file has been found, it performs the following activities:
The specific thing about this virus is that it connects to the sever every time one file is encrypted, generates a unique key for that file and sends it to the cyber-crooks. This means that if you have 100 filer, it will contact the server 100 gange.
The encrypted files by CryPy ransomware are enciphered with a very strong AES (Advanced Encryption Standard) algoritme. They can no longer be opened by any program because their code structure has changed. In addition to this, the virus not only adds it’s distinctive .cry file extension, but it also changes the file names, for eksempel:
This is very similar to other ransomware viruses using the same extensions, såsom Central Security Treatment Organization Ransomware.
After enciphering the files of the infected computer, CryPy ransomware adds a Halloween style picture on the victim’s computer and adds a “README_FOR_DECRYPT.txt” ransom note which it automatically opens. The ransom note has the following message to the victims CryPy:
CryPy Ransomware – Summary, Fjernelse, og File Restaurering
Hvis du ønsker at gendanne dine filer, først, it is important to remove the CryPy virus from your computer. For at gøre dette, it is strongly advisable to follow the step-by-step instructions below. They are methodologically organized to assist you in removing CryPy ransomware completely from your computer. Endvidere, malware researchers also recommend using an advanced anti-malware software that will assist you into swiftly and automatically erasing all files associated with this malware.
If you are looking for methods to restore .cry encrypted files, på dette tidspunkt, there is no decryptor available for free. Men, you can try the alternative methods illustrated in step "3. Restore files encrypted by CryPy” under.