Repl Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 74 |
| First Seen: | July 16, 2020 |
| Last Seen: | July 2, 2022 |
| OS(es) Affected: | Windows |
Repl Ransomware Image
Repl Ransomware is the name of a newly-identified file-locker. This data-encrypting Trojan is a variant of the infamous STOP Ransomware. There are hundreds of copies of this notorious data-locker, among which the Repl Ransomware is the newest one.
Propagation and Encryption
File-lockers like the Repl Ransomware are typically propagated with the help of mass spam emails. The emails in question usually mislead users into clicking on a malicious link or launching a macro-laced attachment on their PC. However, not all cybercriminals use phishing emails to distribute malware. Some opt to use malicious ads, fake software updates, and downloads, torrent trackers, bogus social media posts, etc. Regardless of the infection vector, once the Repl Ransomware has infiltrated your computer, it will scan your files and begin encrypting them. The Repl Ransomware is likely to target a variety of filetypes – images, audio files, documents, videos, presentations, databases, spreadsheets, archives, and others. Once the Repl Ransomware encrypts a targeted file, you may notice that its name is changed too. This is because this file-locker adds a '.repl' extension to the names of the locked files. For example, a file that was initially named 'brick-wall.webm' will be renamed to 'brick-wall.webm.repl.'
The Ransom Note
After the Repl Ransomware encrypts all the targeted files, it will drop a ransom note on the victim's desktop. This note contains the ransom message of the creators of the threat and is named '_readme.txt.' In the ransom note, the attackers claim that users who get in touch with them within 72 hours will have to pay $490 as a ransom fee. However, users who do not manage to meet the three-day deadline will have to pay double the amount, which increases the ransom fee to $980. The contact details of the attackers are ‘helpmanager@mail.ch' and ‘restoremanager@firemail.cc.' The creators of the Repl Ransomware are willing to decrypt one file for free, as long as it does not contain any valuable data.
The Repl Ransomware note reads as follows:
ATTENTION!
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-q9ro1midUb
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
helpmanager@mail.chReserve e-mail address to contact us:
restoremanager@airmail.ccYour personal ID:
-
It is not a good idea to give in to the demands of cyber crooks. Paying up does not guarantee you that you will receive the decryptor that you need. It is advisable to download and install an up-to-date, legitimate antivirus solution that will remove the Repl Ransomware from your system.
