CryPy Virus Remove and Restore .Cry Files - How to, Technology and PC Security Forum | SensorsTechForum.com

CryPy Virus Remove and Restore .Cry Files


A nasty virus called CryPy, reported to use the Python language for its script, has been discovered by malware researchers. It uses the AES-256 cipher to encrypt files. The files encrypted by this virus have the .cry file extension and, in addition to that, the ransomware also changes the file names to random numbers beginning with the CRY initials. After its encryption process is complete, CryPy malware drops a ransom note called README_FOR_DECRYPT.txt. In this note, the virus also states that it will randomly delete a file every 6 hours if a ransom payoff to the cyber-criminals has not been made to restore the files. Anyone whose computer has been attacked by this devastating ransomware virus should not pay any ransom money and should immediately remove the CryPy virus using the instructions in this article to avoid further file deletion. Furthermore, instead of paying the ransom, you can counter it and try to restore your files using alternative methods such as the ones suggested below.

Follow this article for more information to be updated soon.

Threat Summary

Name: CryPy
Type: Ransomware
Short Description: The malware encrypts users' files using a strong encryption algorithm, making direct decryption possible only via a unique decryption key for each file available to the cyber-criminals.
Symptoms: CryPy Ransomware leaves a README_FOR_DECRYPT.txt ransom note and may delete random files from your computer if the terms in the note are not met. Changed file names and different file extensions may be used.
Distribution Method: Via an exploit kit, DLL file attack, malicious JavaScript or a drive-by download of the malware itself in a corrupted form.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files, and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

CryPy Ransomware – How Does It Perform an Infection

This devastating threat is strongly believed to use a combination of tools that conceal it from any firewall and most conventional antivirus programs on a victim computer. One of those tools may be a malicious e-mail attachment tricking the user into opening it. Such attachments may be fake .PDF or Microsoft Office documents that when opened can cause the infection. The documents seem to be from a legitimate sender, and the e-mail aims to convince the user that they are of an important nature.

But attachments may not be the only method for spreading malicious files. Malicious web links posted on social media and other websites are also reported to cause infections by a drive-by download after a malicious browser redirect. Such malicious web sites may be presented to the user in the form of an advertisement (malvertising) that is displayed as a pop-up, or through a direct browser redirect caused by adware (PUP) installed on the victim’s computer.

CryPy Ransomware In Detail

When CryPy ransomware is activated on the computer of its victim, the ransomware virus is believed to perform several different activities to collect information about the compromised system and send it to the C&C servers of the virus.

Then the CryPy virus may drop its payload by contacting its server and downloading it from there. The payload may be one or more files of the following file types:

→ .exe, .tmp, .bat, .cmd, .etc., .VBS, etc.

After the payload of CryPy has been dropped, the virus may begin to modify numerous settings, such as the Windows Registry, so that the malicious executables run on system startup. The usually targeted registry keys for this are:

→HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
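A defender can review these four keys offline by saving the text output of `reg query <key>` and parsing it. The sketch below is an added example, not code from the article: the sample output is constructed, and treating user-writable folders as suspicious is an assumption of this example.

```python
import re
from pathlib import PureWindowsPath

# The four autostart keys named in the article, lower-cased for comparison.
_BASE = r"\software\microsoft\windows\currentversion" + "\\"
RUN_KEYS = {hive + _BASE + leaf
            for hive in ("hkey_local_machine", "hkey_current_user")
            for leaf in ("run", "runonce")}
# Payload types from the article's list (".etc." left out as ambiguous).
PAYLOAD_EXTS = {".exe", ".tmp", ".bat", ".cmd", ".vbs"}
# Assumption: user-writable locations are unusual for autostart targets.
WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "%temp%", "%appdata%")
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            yield key, m["name"], m["data"]

def target_path(data):
    """Return the program path from an autostart command line."""
    data = data.strip()
    if data.startswith('"'):                      # quoted path, may contain spaces
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.\w{2,4})(?:\s|$)", data)  # unquoted: stop after extension
    return m.group(1) if m else data

def suspicious_autostarts(text):
    """List (key, name, path) for Run/RunOnce values worth a manual look."""
    hits = []
    for key, name, data in parse_reg_query(text):
        path = target_path(data)
        if (key.lower() in RUN_KEYS
                and PureWindowsPath(path).suffix.lower() in PAYLOAD_EXTS
                and any(h in path.lower() for h in WRITABLE_HINTS)):
            hits.append((key, name, path))
    return hits

# Constructed sample of `reg query` output (not taken from a real infection).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    updater    REG_SZ    C:\Users\alice\AppData\Local\Temp\svc32.tmp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    fix    REG_SZ    "C:\Users\Public\run me.vbs" //B
"""
```

A hit is only a prompt for manual review; legitimate software also starts from per-user folders.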

After this has been completed, the virus may begin to encrypt the files on the compromised computer. It may scan for a wide variety of file extensions to encrypt, but the CryPy ransomware is mainly programmed to scan for and encrypt often used types of files, such as:

Videos.
Image files.
Audio files.
All types of documents opened with Microsoft Office, Adobe, Photoshop and other software.
Database files.

As soon as the virus detects that a file has been found, it performs the following activities:

1) Encrypts the file using a strong AES-256 encryption algorithm.
2) Generates a unique decryption key.
3) Sends the decryption key to the CryPy ransomware’s command and control server.

The specific thing about this virus is that it connects to the server every time one file is encrypted, generates a unique key for that file and sends it to the cyber-crooks. This means that if you have 100 files, it will contact the server 100 times.

The files encrypted by CryPy ransomware are enciphered with a very strong AES (Advanced Encryption Standard) algorithm. They can no longer be opened by any program because their code structure has changed. In addition to this, the virus not only adds its distinctive .cry file extension, but it also changes the file names, for example:

[Image: a file encrypted and renamed by the Cry ransomware]

This is very similar to other ransomware viruses using the same extensions, such as Central Security Treatment Organization Ransomware.

After enciphering the files of the infected computer, CryPy ransomware adds a Halloween style picture on the victim’s computer and adds a “README_FOR_DECRYPT.txt” ransom note which it automatically opens. The ransom note has the following message to the victims of CryPy:

"IMPORTANT INFORMATION
All your files are encrypted with strong ciphers.
Decryption of your files is only possible with the decryption program, which is on our secret server.
Note that every 6 hours, a random file is permanently deleted. The faster you are, the fewer files you will lose.
Also, in 96 hours, the key will be permanently deleted, and there will be no way of recovering your files.
To receive your decryption program contact one of the emails:
1. [email protected]
2. [email protected]
Just inform your identification ID and we will give you the next instruction.
Your personal identification ID: CRY{Unique Identification Number}"
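The file indicators described above (the .cry extension, names beginning with CRY, and the README_FOR_DECRYPT.txt note) can be turned into a quick triage scan of a drive or a mounted disk image. This is an added example, not code from the article; it assumes the renamed files follow the pattern CRY<digits>.cry and that the timers claimed in the note start at the earliest indicator timestamp.

```python
import re
from datetime import datetime, timedelta, timezone
from pathlib import Path

NOTE_NAME = "README_FOR_DECRYPT.txt"   # ransom note name given in the article
# Article: files get the .cry extension and numeric names starting with "CRY".
# Assumption: that maps to the pattern CRY<digits>.cry.
ENCRYPTED_RE = re.compile(r"^CRY\d+\.cry$", re.IGNORECASE)

def triage(root, now=None):
    """Summarise CryPy file indicators under `root` for an incident report."""
    now = now or datetime.now(timezone.utc)
    notes, encrypted = [], []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        if p.name.lower() == NOTE_NAME.lower():
            notes.append(p)
        elif ENCRYPTED_RE.match(p.name):
            encrypted.append(p)
    by_dir = {}
    for p in encrypted:
        by_dir[str(p.parent)] = by_dir.get(str(p.parent), 0) + 1
    report = {"notes": sorted(notes), "encrypted": sorted(encrypted),
              "by_dir": by_dir, "first_seen": None,
              "claimed_deletions": 0, "claimed_key_deadline": None}
    stamps = [p.stat().st_mtime for p in notes + encrypted]
    if stamps:
        # Assumption: the note's timers start at the earliest indicator mtime.
        first = datetime.fromtimestamp(min(stamps), tz=timezone.utc)
        elapsed = max(now - first, timedelta(0))
        report["first_seen"] = first
        report["claimed_deletions"] = int(elapsed / timedelta(hours=6))  # one file per 6 h
        report["claimed_key_deadline"] = first + timedelta(hours=96)     # key deleted at 96 h
    return report

if __name__ == "__main__":
    import sys
    r = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(r['encrypted'])} encrypted file(s), {len(r['notes'])} ransom note(s)")
    for folder, count in sorted(r["by_dir"].items()):
        print(f"  {count:5d}  {folder}")
    print("first seen:", r["first_seen"], "| claimed key deadline:", r["claimed_key_deadline"])
```

Run it against a read-only copy or image where possible, so that file timestamps on the affected system are not disturbed.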

CryPy Ransomware – Summary, Removal, and File Restoration

If you want to restore your files, it is important to first remove the CryPy virus from your computer. To do this, it is strongly advisable to follow the step-by-step instructions below. They are methodologically organized to assist you in removing CryPy ransomware completely from your computer. Furthermore, malware researchers also recommend using an advanced anti-malware software that will assist you in swiftly and automatically erasing all files associated with this malware.

If you are looking for methods to restore .cry encrypted files, at this time there is no decryptor available for free. However, you can try the alternative methods illustrated in step “3. Restore files encrypted by CryPy” below.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
