Threat Analysis Unit - Threat Intelligence Notification
Title: TAU-TIN – PyCrypter Ransomware
PyCrypter is a ransomware variant written in Python whose source code is publicly available. PyCrypter entrenches itself so that it runs automatically on startup, and it reads web browser data. It also deletes volume shadow copies by using scheduled tasks so that the data cannot be restored easily. The following screenshot shows the PyCrypter ransom note.
Figure 1: Screenshot of the ransom note
This post serves to inform our customers about detection and protection capabilities within the VMware Carbon Black suite of products against PyCrypter Ransomware.
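One way to hunt for the shadow-copy deletion through scheduled tasks described above, as an added example that is not part of the original notification or of any Carbon Black product. The event fields, the sample command lines and the deletion commands matched are assumptions, because the notification does not show PyCrypter's exact command line.

```python
import re

# Command fragments commonly used to delete volume shadow copies (assumed:
# the notification does not show PyCrypter's exact command line).
SHADOW_DELETE = [
    re.compile(r"vssadmin(\.exe)?\W+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\W+shadowcopy\s+delete", re.I),
    re.compile(r"win32_shadowcopy.*delete", re.I),
]
SCHTASKS_CREATE = re.compile(r"\bschtasks(\.exe)?\b.*?/create\b", re.I)
# /tr value: a quoted string (with \" escapes) or a single bare token.
TASK_ACTION = re.compile(r'/tr\s+("(?:[^"\\]|\\.)*"|\S+)', re.I)


def task_action(cmdline):
    """Return the /tr action of a 'schtasks /create' command line, else None."""
    if not SCHTASKS_CREATE.search(cmdline):
        return None
    m = TASK_ACTION.search(cmdline)
    return m.group(1).strip('"') if m else None


def find_shadow_delete_tasks(events):
    """Return (pid, action) for each task creation that deletes shadow copies."""
    hits = []
    for ev in events:
        action = task_action(ev["cmdline"])
        if action and any(p.search(action) for p in SHADOW_DELETE):
            hits.append((ev["pid"], action))
    return hits


# Constructed process-creation events (not taken from a real sample).
SAMPLE_EVENTS = [
    {"pid": 4120, "cmdline": r'schtasks /create /tn "Updater" /tr "vssadmin.exe delete shadows /all /quiet" /sc onlogon /f'},
    {"pid": 4388, "cmdline": r'SCHTASKS.EXE /Create /SC ONCE /ST 00:00 /TN cleanup /TR "cmd.exe /c wmic shadowcopy delete"'},
    {"pid": 5012, "cmdline": r'schtasks /create /tn "Backup" /tr "C:\Tools\backup.exe --full" /sc daily'},
    {"pid": 5100, "cmdline": r"vssadmin list shadows"},
    {"pid": 5204, "cmdline": r'schtasks /query /tn "vssadmin delete shadows"'},
]

if __name__ == "__main__":
    for pid, action in find_shadow_delete_tasks(SAMPLE_EVENTS):
        print(f"pid {pid}: scheduled task deletes shadow copies -> {action}")
```

Only task creations whose action deletes shadow copies are reported; the benign backup task, the direct `vssadmin list` call and the `/query` whose task name merely contains the string are ignored.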
PyCrypter variants exhibit the following behavior:
Adds a registry key to ensure it runs at every startup: