HolyCrypt

HolyCrypt targets Windows OS and its method of distribution is currently unknown. HolyCrypt is written in Python and compiled into a single Windows executable file using PyInstaller. It targets certain files located in the %UserProfile% folder using AES encryption. HolyCrypt prepends impacted file names with the word “encrypted.” Once that routine is complete, it creates an alert file and sets it as the desktop wallpaper and the ransom note which includes a threat to delete the decryption key after 24 hours of non-payment. The ransom payment demand for HolyCrypt is currently unknown.

  • Bleeping Computer provides more information about HolyCrypt here.
     
  • The NJCCIC is not aware of any decryption tools available for HolyCrypt.
HolyCrypt example (source: Bleeping Computer)

HolyCrypt example (source: Bleeping Computer)