CryPy ransomware takes the time to encrypt each file independently, to make decryption more difficult…
Ransomware continues to evolve in various ways. First, there was polymorphic ransomware, which changes its code every few seconds to avoid detection by traditional blacklist-based security software. Then came ransomware that not only encrypts your data, but also steals personal information for exploitation if the ransom goes unpaid. And now, CryPy ransomware is using a different encryption key for each file to make decryption even more difficult.
What does this mean? Traditional ransomware uses a single key to lock all of your files. CryPy uses a different key for each file. Think of a door. Typically, ransomware will just use the door lock to encrypt your files. Once that one lock is picked, your files are available again. CryPy uses the door lock for one file, the deadbolt for another, the chain lock for another, and so on. So even if you are fortunate enough to find a decryption key, at best it will only unlock a single file.
Upon infection, the victim is told to pay the ransom in order to receive the decryption program. According to ZDNet, by doing so, the victim could potentially decrypt a few files for free. However, this is simply a tactic to lure the user into paying for the full decryption program.
The distribution method for this ransomware has not been identified. For PC users, it is imperative that you keep all of your programs and operating systems up to date and run your security program scans as scheduled. This will help to mitigate the risk of system vulnerabilities, which cyber criminals may exploit. As an additional measure of protection, it is advised that you implement a security solution that includes application whitelisting technology. Lastly, remember to think before you click on emails, attachments, links, etc. Be sure you know who the email sender is and whether you were expecting the email or attachment that appears. These cyber criminals are experts, and will make anything look legitimate.
Stay safe out there.