PyL33T Ransomware Analysis Report
Early in 2017, PyL33T Ransomware samples were uploaded to an online security checking website. Actually, this ransomware program is coded into Python programming language and its authors wanted to be sure that AV scanners are either able to detect PyL33T Ransomware or not. Unlike many other cypto virus, this ransomware appears to aimed at server and corporate networks and mainly focused on online databases. Since, it is completely coded into Python – which allows for modular structure, easy implementation of updates, upgrading features and simple steps for reconfiguration to fulfill the needs of money extortionists. Hence, we can say that PyL33T is similar to CryPy and Holycryt Ransomware. Further, security experts analyzed the source code and came across that the ransomware developer may strive to embed the ransomware into Microsoft Document instead using some kind of trojan dropper or exploit kits. Perhaps, the distribution channel network for this ransomware may include spam campaigns carried forward via spear-phishing emails. Basically, the ransomware may target small businesses that aren't using protected data backup solution on the daily basis.
What's worse, PyL33T Ransomware uses a custom cipher made of combination of AES and RSA ciphers to encode saved files on the compromised computer and secure encryption process. Once your files are encrypted, you notice the encrypted files have '.d4nk' extension. For instance, Sample.html will be transcoded into 'Sample.html.d4nk'. You won't be able to read encoded files featuring the same extension. You should also note that you can not recover your files without a proper private key because the ransomware smartly coded to delete Shadow Volume copies on your machine as well. As you may know, Data Recovery software always read Shadow Volume copies to restore your original files. But, if Shadow copies don't exist then you will have only few solutions left – System Restore or Backup Drive. Detailed info is mentioned in removal part.
Highlights of PyL33T Ransomware
a) Speaking of PyL33T Ransomware symptoms, you may find files named 'Decrypt_Data' and 'READ_ME_TO_DECRYPT on your desktop, even inside each folders having encrypted files. These files contain following text:
"You Have Been Infected With Ransomware
Please Make Note of Your Unique Identifier"
b) PyL33T Ransomware (in-Dev Version) is aimed to encode the following types of files on the compromised computer:
.doc, .docx, .ppt, .raw, .odb, .odc, .pptx, .dba, .wallet, .kbdx .pub, .pdf, .xlsx, .mp3, .mov, .mp4, .docm, .oma, .html, .jpg, .JPEG, .php, .html, .sql, .7z, .css.
Therefore, to safeguard your computer, you must keep efficient Antivirus software updated and activated on your each computer running Microsoft Windows. Also, stop participating in suspicious activities like executing files, double clicking pop up ads and updating software from certainly rerouted links. Finally, you got all the needful info, follow the given guide to get rid of PyL33T Ransomware and recover your files.
No comments:
Post a Comment