- Apr 9, 2020
- 656
- Content source
- https://www.gdatasoftware.com/blog/cyrat-ransomware
A new ransomware uses an unusual symmetric encryption method named "Fernet". It is Python based and appends .CYRAT to encrypted files.
Conclusion:
As it is often the case with brand new malware discoveries, this sample is buggy and not yet ready to infect any system because it crashes in it's current state. However, the threat actor's reply shows they are active and might have already published versions that work. It's usually just a matter of time until those flaws are fixed. The problematic choice of the Fernet encryption method may take its toll on systems while they try to encrypt gigabyte sized files in RAM all at once.
Some parts of the code show an intention of also infecting Darwin and Linux systems, which may be added later on.
Unfortunately, there is currently no known way to decrypt files without the key.