Watch Out for CryPy Ransomware Encryption Process

Media Division | October 24, 2016

Crikey!

That’s an interjection used as an exclamation of surprise, amazement or dismay. It originated in the mid-1800s and, though a little dated, might be one of a number of utterances you holler if you ever encounter the CryPy virus.  And while they might have a similar ring, the word “CryPy” comes, in part, from much more recent English: “cry” from “encryption” and “py” from “Python,” the programming language in which this ransomware is written.

What is CryPy?

Ransomware is nothing new.  If you follow cyber news at all, you know about these nefarious programs that hijack businesses, small or large, requiring users to pay often exorbitant fees for the restoration of their own data.  Brilliant? Perhaps. Conniving? Absolutely.  Illegal?  Of course, but as with other malware, tracking down the makers (who demand payment through hard-to-trace means such as Bitcoin), often across national borders, has proven so difficult that many companies would rather pay than bother.  When weighed against the “cost” of a PR fiasco, ransomware prices didn’t look so bad.  Professionals like Kaspersky Labs were even producing decrypters for hijacked computers.

Then along comes CryPy.  Instead of encrypting all of your files under a single key, CryPy can apparently encrypt each file with its own encryption key.  Files can even be prioritized, with your more valuable data fetching a higher price for restoration than more mundane files.

With remote access to your cyber assets, the attackers can even taunt you by releasing a couple of files from encryption, thereby demonstrating their total power over your data.

How It Works

According to Kaspersky researchers, CryPy may be housed on a hijacked Israeli server, and its source code contains Hebrew.  Two main files, boot_common.py and encryptor.py, handle error logging on your Windows OS and then lock your computer.  After first infection, the program disables your Registry Tools and boot status policy.  Once those protections are disabled, the malware can lock your system and encrypt your data.
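The two host changes described above (the Registry Tools lock and the boot status policy change) are things a defender can check for. The following PowerShell is an added example, not code from the article or from Kaspersky; it assumes the “Registry Tools” lock is the standard DisableRegistryTools policy value and the “boot status policy” change is the bcdedit bootstatuspolicy setting, both real Windows settings, though the article does not name the exact values CryPy writes.

```powershell
# Added example: read-only checks for the two configuration changes the article
# attributes to CryPy. Assumption: the lock is the DisableRegistryTools policy
# value and the boot change is bcdedit's bootstatuspolicy; the article does not
# give the exact values the malware writes, so treat any hit as a lead, not proof.

function Test-RegistryToolsDisabled {
    # Both the per-user and the machine-wide policy key can carry the lock.
    $paths = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    $findings = @()
    foreach ($p in $paths) {
        $v = Get-ItemProperty -Path $p -Name DisableRegistryTools -ErrorAction SilentlyContinue
        if ($v -and $v.DisableRegistryTools -ne 0) {
            $findings += "$p\DisableRegistryTools = $($v.DisableRegistryTools)"
        }
    }
    return $findings
}

function Test-BootStatusPolicyTampered {
    # bcdedit needs an elevated prompt; the bootstatuspolicy line is only
    # printed when the setting has been changed from the default.
    $out = & bcdedit /enum '{default}' 2>$null
    $line = $out | Where-Object { $_ -match '^\s*bootstatuspolicy\s+' } | Select-Object -First 1
    if ($line -and ($line -match '^\s*bootstatuspolicy\s+(\S+)') -and ($Matches[1] -match '^Ignore')) {
        return "bootstatuspolicy is $($Matches[1]) (boot failures hidden from the user)"
    }
    return $null
}

$alerts = @(Test-RegistryToolsDisabled) + @(Test-BootStatusPolicyTampered) | Where-Object { $_ }
if ($alerts) {
    Write-Warning "Possible ransomware tampering found:"
    $alerts | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Output "No Registry Tools lock or boot status policy change detected."
}
```

Run it from an elevated PowerShell session so bcdedit can read the boot configuration; the registry check works unelevated for the HKCU hive.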

As with most ransomware, what you will discover is either an email sent to another of your accounts informing you of the attack, or a full-screen takeover notice demanding payment for the restoration of your files.  If you follow directions well, contact the appropriate email address, and provide payment, you may even get those few (taunting) files for free.  Only the full ransom gets you the full decryption program.  To speed you along (and prevent you from taking your time with outside assistance), the ransomware notice warns you that every six hours another file of yours will be permanently deleted.  You are also given one tiny piece of customer service: an ID number, uniquely created for you by the malware, which marks each hit and also identifies you when you reach out to the perpetrators.

As if you weren’t busy enough with the disaster, the phishing component of the program can hijack your email and spread.  Soon your friends, family and business associates might also find little CryPy packages waiting for them with the wrong click of a mouse.

What To Do

Since you would rather not deal with CryPy in your business, you might want to know what to do about it.  Here are some steps to ensure you live CryPy-free:

• The best offense is a good defense: don’t get infected with ransomware in the first place.  Train your employees (and yourself) on how to recognize suspicious files and avoid infection from malware and other viruses.

• Stay current on updates: from protection software to security updates, keeping your system current keeps you safe.

• Update policy: have a plan in place and stick to it if disaster strikes.  Like earthquake drills and “stop, drop and roll,” a cyber attack plan prepares you for what you hope never to experience.

• Learn from the pros: when you follow cybersecurity news and feeds you learn from the mistakes of others (and prevent yourself from making them).  Though there are many ways to make history, don’t let a massive cybersecurity attack make your business history.

Aha!

That’s the sound of your exclamation signaling your triumph when you put your plan in place and avoid ransomware like CryPy, similar to your “ah” of relief and delight as you rest easy.

MEDIA DIVISION
Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.