Multi-lock ransomware

Cybercrooks have forged a strain of ransomware that uses a unique encryption key for each locked file.

CryPy fetches unique encryption keys to individually encrypt files on compromised systems. The tactic gives crooks the ability to selectively unlock compromised files, potentially allowing crooks to extort more cash from victims. The facility gives miscreants the ability to establish trust with their victims by decrypting sample files.

A detailed analysis by security researchers suggests that the Python-based malware is still a work in progress. “In [its] current state, the [malicious] executable fails to encrypt the file system, simply because the threat actors must have migrated from the current server to another,” according to Kaspersky Lab researchers.

The ransomware initially hid behind an Israeli web server which was compromised using a known vulnerability in the Magento content management system. ®