CryPy Bitcoin Ransomware Has Security Researchers Concerned


There is a new type of ransomware on the block, which goes by the name of CryPy. As we have seen with other malware types in the past, criminals tend to set variable prices to restore file access. CryPy pushes that approach further, even though it poses no immediate threat just yet. Security researchers have nonetheless found out some interesting things about what the future of malware may hold.

CryPy Does Things A Bit Differently

First of all, CryPy is one of the very few types of ransomware that has been written entirely in Python. Most criminals seem to prefer C++ or C# to code their malware in, as they mainly target Windows systems. Python, however, is operating system-agnostic and can impact many more computers than "just" the Windows slice of the pie chart.

That being said, CryPy will not be an immediate threat, according to Sophos. This malware sample only seems to be a proof of concept, and the communication servers for this malware are offline. In fact, simulating the ransomware environment does not appear to help either, as researchers can’t get the code to work to gauge its impact.

But that doesn't mean there is no reason for concern at all. This particular type of ransomware sends a notification to a remote control server every time it encrypts a new file. Once the central server receives that information, it sends back a return command containing a replacement filename and a one-time random encryption key. That means every single file on a computer would have its own decryption key.

Rather than using one master key to restore full computer access, CryPy is taking things to a whole new level. From a monetization point of view, ransomware developers and affiliates can charge a variable price depending on which files they encounter during the encryption process. More worryingly, this also means CryPy effectively steals data from the host computer, even though this only pertains to the original filenames.

Do not assume that keeping file backups will do you any good when CryPy comes knocking. As we have seen with other recent ransomware types, the shadow copies on the device will be deleted, and all files on any connected removable drive, including network-stored backups, will be affected as well. Restoring from an offline backup will still be possible, although most computer users don't have one.

But there is more, as CryPy will also delete files off the computer every 6 hours. This puts victims under heavy pressure to make the Bitcoin payment, as no one wants to lose important files. Moreover, there is a 96-hour window for the payment; otherwise, the decryption keys will be permanently deleted from the ransomware server. Not a pleasant outlook by any means.

Luckily, CryPy is not being distributed or used in the wild just yet. However, the code sample can be found on the Internet with relative ease, and anyone with a coding mind could take this malware and turn it into a disastrous ransomware strain at any time. Computer users should therefore prepare offline backups of all of their important data before it is too late.
