A new wave of ransomware is being unleashed on the Internet, and much of it is launched by people who could not have written it themselves. We are now in the age of Malware as a Service: malware creation kits are sold to anyone who can pay for them and wants to use them for profit.

One of the newest examples is DynA-Crypt, which appears to have been launched by someone short on both knowledge and scruples: it locks victims’ files for ransom and, in the process, indiscriminately deletes critical files with no hope of recovery. The malware was recently identified by malware analyst Karsten Hahn, who found that it steals information from the infected computer using PowerShell scripts and an arsenal of standalone executables. In the end it encrypts critical data, steals passwords and contact information, and leaves the system in a shambles by deleting files.

How DynA-Crypt works
While running, DynA-Crypt steals data from many of the programs installed on the machine, logs keystrokes, records sound, and takes screenshots of the desktop. Programs it pulls data from include Chrome, Firefox, Skype, Steam, Thunderbird, and TeamSpeak. Everything it collects is packaged into a zip file and emailed back to the operator.


Having stolen information from these program folders and many others, it then deletes some of those same folders, as well as the Volume Shadow Copies, so that recovery from anything left on the machine becomes very unlikely. For good measure it also deletes the entire Desktop, even though nothing is generally stolen from there. Finally it leaves a message for the user detailing the terms of the ransom and what to do to get the encrypted files back.
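Because the shadow-copy deletion is the step that turns a recoverable incident into an unrecoverable one, it is also the step worth alerting on. The following is an added example, not code from this article or from Karsten Hahn’s analysis: a small Python detector run over constructed process-creation log lines in a Sysmon-style key/value layout. It assumes, which the article does not state, that the copies are removed through vssadmin, wmic or a WMI call from PowerShell, the way most Windows ransomware does it.

```python
"""Flag shadow-copy deletion in process-creation logs.

Added example, not code from the article or from the DynA-Crypt analysis.
ASSUMPTION: the copies are removed by spawning vssadmin.exe, wmic.exe, or a
WMI call from PowerShell; the article says only that they are deleted.
"""
import re
from typing import Dict, Iterable, List

# Command-line shapes that delete (or starve) Volume Shadow Copies.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"vssadmin(?:\.exe)?\s+resize\s+shadowstorage.*/maxsize=", re.I),
    re.compile(r"wmic(?:\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"Win32_ShadowCopy.*Remove-WmiObject", re.I),
    re.compile(r"Win32_ShadowCopy.*\.Delete\(\)", re.I),
]

# Constructed sample events in a Sysmon Event ID 1 (process creation) style
# "key: value | key: value" layout. None of these come from a real incident.
SAMPLE_LOG = """\
EventID: 1 | Image: C:\\Windows\\System32\\vssadmin.exe | CommandLine: vssadmin.exe delete shadows /all /quiet | ParentImage: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe
EventID: 1 | Image: C:\\Windows\\System32\\notepad.exe | CommandLine: "notepad.exe" C:\\Users\\alice\\Desktop\\todo.txt | ParentImage: C:\\Windows\\explorer.exe
EventID: 1 | Image: C:\\Windows\\System32\\vssadmin.exe | CommandLine: vssadmin.exe list shadows | ParentImage: C:\\Windows\\System32\\cmd.exe
EventID: 1 | Image: C:\\Windows\\System32\\wbem\\WMIC.exe | CommandLine: wmic shadowcopy delete /nointeractive | ParentImage: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe
EventID: 1 | Image: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe | CommandLine: powershell -nop -c "Get-WmiObject Win32_ShadowCopy | Remove-WmiObject" | ParentImage: C:\\Windows\\System32\\cmd.exe
"""

SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe")


def parse_event(line: str) -> Dict[str, str]:
    """Split 'key: value | key: value' into a dict. Only split on a ' | ' that
    starts a new key, so a pipe inside a PowerShell command line survives."""
    fields: Dict[str, str] = {}
    for part in re.split(r" \| (?=\w+: )", line.strip()):
        key, _, value = part.partition(": ")
        fields[key] = value
    return fields


def is_shadow_copy_deletion(command_line: str) -> bool:
    """True if the command line matches any known shadow-copy deletion shape."""
    return any(p.search(command_line) for p in SHADOW_DELETE_PATTERNS)


def find_shadow_copy_deletions(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Return the process-creation events whose command line deletes shadow copies."""
    hits: List[Dict[str, object]] = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev.get("EventID") != "1" or not is_shadow_copy_deletion(ev.get("CommandLine", "")):
            continue
        parent = ev.get("ParentImage", "")
        hits.append({
            "image": ev.get("Image", ""),
            "command_line": ev["CommandLine"],
            "parent": parent,
            # A script-host parent is the shape DynA-Crypt's PowerShell tooling would produce.
            "parent_is_script_host": parent.lower().endswith(SCRIPT_HOSTS),
        })
    return hits


if __name__ == "__main__":
    for hit in find_shadow_copy_deletions(SAMPLE_LOG.splitlines()):
        print(hit)
```

Run as-is it prints three hits: the vssadmin and wmic deletions spawned from powershell.exe, and the WMI one-liner. The plain `vssadmin list shadows` is deliberately left alone so the rule does not fire on routine administration; the `parent_is_script_host` flag is what you would use to prioritise hits whose lineage matches the PowerShell-driven behaviour described above.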

The DynA-Crypt ransomware core

The code that carries out the ransomware action in DynA-Crypt is centered on a PowerShell script that uses the AES algorithm to encrypt files on the hard drive. It scans for files with these specific extensions:
.jpg, .jpeg, .docx, .doc, .xlsx, .xls, .ppt, .pdf, .mp4, .mp3, .mov, .mkv, .png, .pst, .odt, .avi, .pptx, .msg, .rar, .mdb, .zip, .m4a, .csv, .001

Each file it encrypts is written out with .crypt appended to the original filename (so a report.docx becomes report.docx.crypt), and the original is then deleted, along with any backups it can reach. The encryption is what makes the file unusable; the renaming merely marks it. What this means is that even if you paid the ransom, you would still find your machine damaged and many important files, the deleted ones rather than the encrypted ones, gone for good.
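The renaming and deletion pattern described above is enough to write a triage script for an infected machine or share before any decryptor is run. This is an added example, not code from the article or from the DynA-Crypt analysis it draws on. It uses the extension list and the .crypt suffix as given, and assumes that genuine AES output has near-maximal byte entropy, so a .crypt file with low entropy is probably not something a decryptor will help with. The sample directory it builds is constructed test data.

```python
"""Triage a directory tree after a DynA-Crypt style infection.

Added example, not code from the article. It relies on two facts the article
states: encrypted files get '.crypt' appended to the original name and the
originals are deleted. ASSUMPTION: the payload is real AES ciphertext, which
shows up as near 8 bits/byte entropy; low-entropy '.crypt' files are flagged.
"""
import math
import os
import tempfile
from collections import Counter
from dataclasses import dataclass, asdict
from typing import Dict, List

# Extension list reported for DynA-Crypt, as given in the article.
TARGET_EXTENSIONS = {
    ".jpg", ".jpeg", ".docx", ".doc", ".xlsx", ".xls", ".ppt", ".pdf",
    ".mp4", ".mp3", ".mov", ".mkv", ".png", ".pst", ".odt", ".avi",
    ".pptx", ".msg", ".rar", ".mdb", ".zip", ".m4a", ".csv", ".001",
}
CRYPT_SUFFIX = ".crypt"
SAMPLE_BYTES = 64 * 1024        # entropy is measured over at most this many bytes
ENCRYPTED_ENTROPY_FLOOR = 7.5   # bits/byte; uniform random data scores ~7.99


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or single-valued input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


@dataclass
class CryptFile:
    path: str
    original_name: str
    original_ext: str
    ext_in_target_list: bool
    original_still_present: bool
    entropy: float
    looks_encrypted: bool


def triage_crypt_file(path: str) -> CryptFile:
    """Describe one '.crypt' file: what it was, whether the original survived,
    and whether its contents look like ciphertext."""
    directory, name = os.path.split(path)
    original_name = name[:-len(CRYPT_SUFFIX)]
    original_ext = os.path.splitext(original_name)[1].lower()
    with open(path, "rb") as fh:
        entropy = shannon_entropy(fh.read(SAMPLE_BYTES))
    return CryptFile(
        path=path,
        original_name=original_name,
        original_ext=original_ext,
        ext_in_target_list=original_ext in TARGET_EXTENSIONS,
        original_still_present=os.path.exists(os.path.join(directory, original_name)),
        entropy=round(entropy, 3),
        looks_encrypted=entropy >= ENCRYPTED_ENTROPY_FLOOR,
    )


def triage_tree(root: str) -> List[CryptFile]:
    """Walk root and triage every file ending in '.crypt'."""
    results = [
        triage_crypt_file(os.path.join(dirpath, fn))
        for dirpath, _, filenames in os.walk(root)
        for fn in filenames
        if fn.lower().endswith(CRYPT_SUFFIX)
    ]
    return sorted(results, key=lambda r: r.path)


def summarize(results: List[CryptFile]) -> Dict[str, int]:
    """Counts an incident responder wants before choosing a recovery path."""
    return {
        "crypt_files": len(results),
        "encrypted_looking": sum(1 for r in results if r.looks_encrypted),
        "original_still_present": sum(1 for r in results if r.original_still_present),
        "ext_outside_target_list": sum(1 for r in results if not r.ext_in_target_list),
    }


def build_sample_tree(root: str) -> None:
    """Constructed test data: two 'encrypted' files, one surviving original,
    one renamed-but-not-encrypted file, one untouched file."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs, exist_ok=True)
    # os.urandom stands in for AES ciphertext; real output has the same entropy profile.
    with open(os.path.join(docs, "report.docx.crypt"), "wb") as fh:
        fh.write(os.urandom(4096))
    with open(os.path.join(docs, "photo.jpg.crypt"), "wb") as fh:
        fh.write(os.urandom(4096))
    with open(os.path.join(docs, "photo.jpg"), "wb") as fh:       # original not (yet) deleted
        fh.write(b"\xff\xd8\xff\xe0" + b"\x00" * 512)
    with open(os.path.join(root, "notes.txt.crypt"), "wb") as fh:  # low entropy, ext not targeted
        fh.write(b"just a renamed text file\n" * 40)
    with open(os.path.join(root, "README.txt"), "w") as fh:
        fh.write("untouched\n")


def run_demo() -> Dict[str, int]:
    """Build the constructed tree in a temp dir, triage it, return the summary."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        rows = triage_tree(tmp)
        for row in rows:
            print(asdict(row))
        return summarize(rows)


if __name__ == "__main__":
    print(run_demo())
```

Point `triage_tree` at a mounted image or share instead of the constructed tree. Files with `original_still_present` set are ones the deletion step missed (a locked file, for instance) and need no decryption at all; files that are not `looks_encrypted` should be examined by hand rather than fed to a decryptor.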

Fortunately, the encryption itself can be undone: a decryptor is available from online sources or from your own security consultant, and it will at least reverse the encryption portion of the damage. Nobody should pay the ransom, especially since paying recovers neither the deleted files nor the passwords and data already sent to the attacker; the machine has to be treated as fully compromised regardless.

• There is NO excuse NOT to back up your files to a cloud service or a local backup; keep at least one copy offline or versioned, since this malware deletes the Shadow Volume Copies it finds.
• Don’t count on anti-virus and firewalls alone to protect you; they are not enough on their own.
