New CryPy ransomware emerges in the wild
A new ransomware known as ‘CryPy’ has been found in the wild with the capability of encrypting each file on a system with a unique key, according to Avast security expert Jakub Kroustek, who discovered it.
While not the first malware written in the Python programming language - it joins other ‘Pysomwares’ like HolyCrypt, FsOciety Locker and Zimba - CryPy stands out as particularly heinous because it uses different encryption keys to individually lock down files on a victim’s system.
This makes it incredibly difficult to decrypt and crack the code, according to Kaspersky Labs researchers.
The executable is made up of two main files: a boot_common.py and encryptor.py. The first is in charge of error logging on Windows platforms and the second is the actual locker that has a few different functions, Kaspersky officials said.
The virus originates from a compromised web server located in Israel that enables hackers to stream data from the ransomware to the corrupt server and back again. Researchers said the server is also used for phishing attacks and contained PayPal phishing pages.
Attackers often look for low-hanging fruit to inject their code and hide their corrupt server, according to Kaspersky researchers.
There are ‘strong indications’ it’s a Hebrew-speaking threat actor behind the attacks, researchers said. The hackers claim files will be deleted every six hours, reflecting the approach of more recent ransomware strains.
What’s notable is the virus fails to direct victims to a channel that can be used in cases where the payment is non-responsive, which researchers said points to ‘the executable being at an early stage of development.’
The virus isn’t without flaws, but CryPy’s encryption process may be able to defeat anti-ransomware software, according to reports.