What is CypherPy ransomware? And how does it carry out its attack?
CypherPy ransomware is a new crypto-malware recently identified by malware researchers. Although this new ransomware is only a stub, it is still able to encrypt files. CypherPy ransomware is packaged as a Python source file. Security experts found this ransomware unusual because it does not only attack Windows operating systems but is also capable of infecting computers running the Linux operating system. This means that as long as a system can run software written in Python, the ransomware is able to carry out its attack. It seems to mainly target web servers and websites.
According to researchers, it is also possible that CypherPy ransomware is being used in coordination with other malware threats. In other words, Trojan droppers are most likely being used to deliver CypherPy ransomware, and the ransomware may also be part of attacks involving Remote Access Trojans (RATs), where cyber criminals use the threat to obtain remote access to computers.
After it obtains access to the compromised computer, CypherPy ransomware looks for files to encrypt. Security experts have determined that it targets the following file extensions:
.3g2, .3gp, .asf, .asx, .avi, .flv, .m2ts, .rm, .jpg, .tar.gz, .gif, .sqlite3, .html, .txt, .tar, .jpeg, .swf, .mkv, .mov, .vob, .png, .mp3, .pyc, .php, .log, .jar, .sh, .tiff, .mp4, .wmv, .docx, .mpg, .mpeg, .pdf, .rar, .zip, .7z, .exe, .c, .sql, .bak, .bundle, .cpp, .deb, .h, .pdf.
It then encrypts the files using strong encryption, the AES-256 and RSA-2048 algorithms, leaving victims’ files inaccessible. The malware marks each encrypted file by appending the .crypt file extension. After the encryption, it delivers its ransom note in a program window labeled README, which contains the message below:
“Hello, unfortunately all your personal files have been encrypted with military grade encryption and will be impossible to retrieve without acquiring the encryption key and decrypting binary. As of yet these are not available to you since the Cypher ransomware is still under construction. We thank you for your patience.
Have a nice day,
The Cypher Project.”
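A defender-side triage check for the indicators described above, added here as an example; it is not code from the original post and not the malware's code. It walks a directory tree for files carrying the .crypt suffix, maps each one back to the extension it had before encryption (including the compound .tar.gz that the list names), and looks for a README file containing phrases quoted from the ransom note. The sample directory it builds is constructed for the demonstration, and the function names, the verdict strings and the 64 KB note-size limit are this example's own assumptions, not anything the post describes.

```python
import tempfile
from pathlib import Path

# File extensions the post lists as CypherPy targets (copied from the page).
TARGET_EXTENSIONS = {
    ".3g2", ".3gp", ".asf", ".asx", ".avi", ".flv", ".m2ts", ".rm", ".jpg",
    ".tar.gz", ".gif", ".sqlite3", ".html", ".txt", ".tar", ".jpeg", ".swf",
    ".mkv", ".mov", ".vob", ".png", ".mp3", ".pyc", ".php", ".log", ".jar",
    ".sh", ".tiff", ".mp4", ".wmv", ".docx", ".mpg", ".mpeg", ".pdf", ".rar",
    ".zip", ".7z", ".exe", ".c", ".sql", ".bak", ".bundle", ".cpp", ".deb", ".h",
}

ENCRYPTED_SUFFIX = ".crypt"   # appended to every encrypted file, per the post
NOTE_NAME = "README"          # label of the ransom-note window, per the post

# Phrases quoted from the ransom note on the page; any one of them flags a note.
NOTE_PHRASES = (
    "military grade encryption",
    "Cypher ransomware is still under construction",
    "The Cypher Project",
)


def original_extension(name):
    """Extension a '.crypt' file had before encryption, or None for other files.
    Compound extensions on the target list win: 'site.tar.gz.crypt' -> '.tar.gz'."""
    if not name.lower().endswith(ENCRYPTED_SUFFIX):
        return None
    parts = name[: -len(ENCRYPTED_SUFFIX)].lower().split(".")
    for i in range(1, len(parts)):
        candidate = "." + ".".join(parts[i:])
        if candidate in TARGET_EXTENSIONS:
            return candidate
    # Not on the list: report the plain last suffix, or '' for an extensionless name
    return "." + parts[-1] if len(parts) > 1 else ""


def looks_like_ransom_note(path):
    """True for a README-style file whose text carries the quoted note phrases."""
    if path.name.split(".")[0].upper() != NOTE_NAME:
        return False
    if path.stat().st_size > 64 * 1024:   # assumed limit: real notes are tiny
        return False
    text = path.read_text(errors="ignore")
    return any(phrase in text for phrase in NOTE_PHRASES)


def scan_for_cypherpy_indicators(root):
    """Walk `root` and summarise .crypt files and ransom notes found beneath it."""
    encrypted, notes = [], []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name.lower().endswith(ENCRYPTED_SUFFIX):
            encrypted.append(path)
        elif looks_like_ransom_note(path):
            notes.append(str(path))

    by_ext = {}
    for path in encrypted:
        ext = original_extension(path.name)
        by_ext[ext] = by_ext.get(ext, 0) + 1

    if encrypted and notes:
        verdict = "likely CypherPy: ransom note plus .crypt files"
    elif encrypted or notes:
        verdict = "suspicious: partial indicators"
    else:
        verdict = "no CypherPy indicators found"

    return {
        "encrypted_files": len(encrypted),
        "encrypted_by_original_extension": by_ext,
        "ransom_notes": notes,
        "verdict": verdict,
    }


def build_sample_tree(base):
    """Constructed sample of a web server after an attack (not real victim data)."""
    for sub in ("www", "db", "home"):
        (base / sub).mkdir()
    for victim in ("www/index.html.crypt", "www/site.tar.gz.crypt",
                   "www/config.php.crypt", "db/backup.sql.crypt"):
        (base / victim).write_bytes(b"\x00" * 32)      # stand-in ciphertext
    (base / "home" / "notes.txt").write_text("untouched file\n")
    (base / "home" / "README.md").write_text("Project readme, nothing to see.\n")
    (base / "home" / "README").write_text(
        "Hello, unfortunately all your personal files have been encrypted with "
        "military grade encryption ... the Cypher ransomware is still under "
        "construction.\nHave a nice day,\nThe Cypher Project.\n"
    )


def demo():
    """Build the constructed tree in a temp directory and return the scan report."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        return scan_for_cypherpy_indicators(tmp)
```

Running `demo()` on the constructed tree reports four encrypted files, broken down by their original extensions, one ransom note (the plain README, not README.md) and the combined verdict. The breakdown by original extension is what makes the report useful during triage: it tells you which of the listed target types were actually hit, which in turn shows which backups need to be restored.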
Because of the strong encryption algorithms, recovering the encrypted files using alternative methods like System Restore Points or Shadow Volume Copies is nearly impossible. In other words, recovering them without the decryption key would be a hard task. The best option for now is to wait until a free decryptor is developed instead of paying cyber criminals large sums of money to recover your files.
How is CypherPy ransomware distributed?
As mentioned at the beginning of this post, CypherPy ransomware is packaged as a Python source file. According to researchers, this Python source file spreads through malicious spam email campaigns, which is the typical distribution method for most ransomware infections these days.
Eliminate CypherPy ransomware by following the removal instructions below, as well as the recovery option for the encrypted files.
Step 1: Tap Ctrl + Shift + Esc keys to open the Task Manager.
Step 2: After opening the Task Manager, look for CypherPy ransomware’s malicious process, right click on it and select End Process or End Task.
Step 3: Close the Task Manager and open Control Panel by pressing the Windows key + R, then type in appwiz.cpl and then click OK or press Enter.
Step 4: Look for CypherPy ransomware or any suspicious program and then Uninstall it/them.
Step 5: Hold down Windows + E keys simultaneously to open File Explorer.
Step 6: Navigate to the following locations below and look for CypherPy ransomware’s malicious components, such as the program window as well as the suspicious files created by the ransomware, and then delete all of them.
Step 7: Close the File Explorer. Before you proceed to the next steps, make sure that you are tech savvy enough to know exactly how to use and navigate your computer’s Registry. Keep in mind that any changes you make will have a major impact on your computer. To save yourself the trouble and time, you can just use PC Cleaner Pro; this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage the Windows Registry well, then by all means go on to the next steps.
Step 8: Tap Win + R to open Run, type in regedit in the field and tap Enter to pull up the Windows Registry.
Step 9: Navigate to the following path:
Step 10: Delete the registry keys and sub-keys created by CypherPy ransomware.
Step 11: Close the Registry Editor.
Step 12: Empty your Recycle Bin.
To make sure that nothing is left behind and that CypherPy ransomware is completely removed, use the following antivirus program. To use it, refer to the instructions below.
Perform a full system scan using SpyRemover Pro. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot it.
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, press F8 repeatedly so that the Advanced Option menu shows up.
- Navigate the Advanced Option menu with the arrow keys and select Safe Mode with Networking, then hit
- Windows will now load Safe Mode with Networking.
- Press and hold both the R key and the Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
A single space must be between explorer and http. Click OK.
- Internet Explorer will display a dialog box. Click Run to begin downloading the program. Installation will start automatically once the download is done.
- Click OK to launch it.
- Run SpyRemover Pro and perform a full system scan.
- After all the infections are identified, click REMOVE ALL.
- Register the program to protect your computer from future threats.