Reyptson Ransomware–Threat In Detail
Reyptson is a crypto-virus that encrypts files on the target PC and demands that the victim pay a ransom to free the files. The ransom note is written in Spanish, which means it mostly targets Spanish users, but others can also be infected. The files are encrypted with the AES-128 cipher, and the .REYPTSON extension is appended to the encrypted files. Reyptson ransomware demands a payment of 200 euros from its victims.
|Description|Reyptson Ransomware encrypts files, videos, images and texts stored on the target PC and demands a ransom from users to decode the files.|
|Occurrence|Spam mail attachments, exploit kits, malicious links and JavaScript code.|
|Possible Symptoms|The ransom note can be seen on the desktop and in other file directories, and files can no longer be accessed.|
Reyptson Ransomware is distributed through a spam mail attachment, as a malicious script that contains the following message:
The user is asked to click on the “Ver o imprimir factura” button, which actually contains the redirect link to the following address: “http://www.melvinmusicals[.]com/facefiles/factura.pdf.rar”
Once the user clicks on this link, they are redirected to the above address, which starts downloading updates and versions of the threat along with a file named factura.pdf.exe. This file poses as a PDF but is an executable containing the payloads of the Reyptson Ransomware. If the user opens or executes this file on their device, the virus is installed and the PC becomes infected with the Reyptson file-encrypting ransomware.
More about Reyptson Ransomware
Reyptson Ransomware changes Windows Registry entries so that it launches each time Windows starts, and it takes up large amounts of system resources to encrypt the files. It also starts many background processes, such as replicating its files and showing a pop-up that appears to be a warning from Adobe Reader saying the “SpotifyWebHelper.pdf” file is missing. This is just a trick to mislead users so that they do not turn off the PC or stop the encryption process.
The Reyptson virus can spread further through Simple Mail Transfer Protocol (SMTP) and Thunderbird, sending itself to your contact list. Many more devices could therefore come into contact with it and get infected. Sharing files over social media and file transfers over an infected network could also drop its payloads onto your system.
Along with that, Reyptson Ransomware also leaves a ransom note that details how to contact the attackers and decrypt the files.
The ransom note says:
TUS FICHEROS HAN SIDO CIFRADOS, SI QUIERES RECUPERARLOS SIGUE LAS INSTRUCCIONES
Accede a este sitio web: https://37z2akkbd3vqphw5.onion.link/?usario=4406091797&pass=3411
En el tienes las instrucciones para recuperar tus ficheros y un soporte con el que
podrás contactarnos para recibir asistencia técnica.
Si no puedes acceder puedes entrar bajandote un navegador llamado tor de:
Y entrando a: http://37z2akkbd3vqphw5.onion/?usario=4406091797&pass=3411
Para poder descifrar tus ficheros tendrás que pagar 200€ pero si te retrasas mas
de 72H tendrás que pagar 500€
It also drops a file named Como_Recuperar_Tus_Ficheros.txt, which contains instructions on how to contact the attackers and pay the ransom.
Como recuperar tus ficheros del cifrador Reyptson
Tienes toda la información en esta web:
Si no puedes entrar descarga el navegador tor desde:
y entra a: http://37z2akkbd3vqphw5.onion/?usuario=4406091797&pass=3411
Para poder descifrar tus ficheros tendras que pagar 200€
pero si te retrasas mas de 72H tendras que pagar 500€
Tus datos de acceso son:
The ransom note left by the Reyptson virus states that your documents have been encrypted and that you need to pay a ransom of 200 euros to get your files back, with a deadline of 3 days, that is, 72 hours. If the victim fails to meet the deadline, the ransom rises to 500 euros. The Reyptson virus uses the TOR network for the payment process: https://37z2akkbd3vqphw5.onion.link.
List of file extension encrypted
→ .doc, .docm, .docx, .pdf, .ppt, .pptx, .rtf, .txt, .xls, .xlsx
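The file-system indicators described above (the .REYPTSON extension, the Como_Recuperar_Tus_Ficheros.txt note, and a document-looking executable such as factura.pdf.exe) can be checked in a single directory walk. The following triage sketch is an added example, not code from the original article or from any vendor tool; the function names, the set of executable extensions and the sample files are constructed assumptions.

```python
import os
import tempfile

# Indicators taken from the article text (compared case-insensitively).
ENCRYPTED_SUFFIX = ".reyptson"
RANSOM_NOTE = "como_recuperar_tus_ficheros.txt"
# Document extensions the article lists as encryption targets.
DOC_EXTS = {".doc", ".docm", ".docx", ".pdf", ".ppt", ".pptx",
            ".rtf", ".txt", ".xls", ".xlsx"}
# Assumption: a typical set of Windows executable extensions, not from the article.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}


def triage(root):
    """Walk root and group file paths by the Reyptson indicator they match."""
    hits = {"encrypted": [], "ransom_note": [], "double_ext": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            stem, ext = os.path.splitext(lower)
            if lower.endswith(ENCRYPTED_SUFFIX):
                hits["encrypted"].append(path)
            elif lower == RANSOM_NOTE:
                hits["ransom_note"].append(path)
            elif ext in EXEC_EXTS and os.path.splitext(stem)[1] in DOC_EXTS:
                # e.g. factura.pdf.exe: an executable posing as a document
                hits["double_ext"].append(path)
    return hits


def demo():
    """Build a constructed directory tree and run triage over it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Documents"))
        samples = ["Documents/report.docx.REYPTSON", "Documents/notes.txt",
                   "Documents/Como_Recuperar_Tus_Ficheros.txt",
                   "factura.pdf.exe", "setup.exe"]  # constructed file names
        for rel in samples:
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("constructed sample")
        hits = triage(root)
        return {k: sorted(os.path.relpath(p, root).replace(os.sep, "/")
                          for p in v) for k, v in hits.items()}


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A hit in `encrypted` or `ransom_note` indicates encryption has already run on that host, while a `double_ext` hit on its own may be an undetonated dropper and is worth quarantining before anyone opens it.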