
Reyptson Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 18
First Seen: July 18, 2017
Last Seen: September 10, 2021
OS(es) Affected: Windows

The Reyptson Ransomware is an encryption ransomware Trojan that takes victims' files hostage in exchange for a ransom. Its attacks appear to be aimed mainly at Spanish-speaking victims. Currently, the most common delivery method is exploiting weak Remote Desktop connections and computers with poor security. The attacks appear to target Web servers and corporate networks, although the Reyptson Ransomware is also capable of encrypting files on individual computer users' PCs. Apart from encrypting the victims' data, the Reyptson Ransomware has surveillance capabilities and may record information like passwords and contact email information for use in other tactics. For example, a Reyptson Ransomware attack may take advantage of the victims' email contact lists to spread to other potential victims. An additional way in which the Reyptson Ransomware spreads, therefore, is through spam email attachments.

How the Reyptson Ransomware Attack is Carried Out

The Reyptson Ransomware can be distributed in a fake PDF file, which is a RAR self-extracting archive that uses a double extension to hide its true nature. This allows the Reyptson Ransomware to spread through LAN or corporate networks and encrypt multiple computers as a result of a single attack. The Reyptson Ransomware demands a payment of 200 Euros in Bitcoin. Like other encryption ransomware Trojans, the Reyptson Ransomware encrypts the victim's files and then demands a ransom to provide the decryption key. Files encrypted in a Reyptson Ransomware attack are easy to recognize because the Reyptson Ransomware adds the file extension '.REYPTSON' to the end of each file's name. The Reyptson Ransomware targets a wide variety of file types in its attack, including the following:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

How the People Responsible for the Reyptson Ransomware may Generate a Profit

The Reyptson Ransomware uses a payment portal on TOR where victims of the attack pay the ransom. The Reyptson Ransomware drops a text file named 'Como_Recuperar_Tus_Ficheros.txt' (in English: 'How_to_recover_your_files'). This file contains information about how to pay the ransom. The text of the Reyptson Ransomware ransom note, in the original Spanish, reads as follows:

'Como recuperar tus ficheros del cifrador Reyptson
---
Tienes toda la información en esta web:
xxxxs://37z2akkbd3vqphw5.onion.link/?usuario=4406091797&pass=3411
Si no puedes entrar descarga el navegador tor desde:
xxxxs://www.torproject.org/download/download
y entra a: xxxx://37z2akkbd3vqphw5.onion/?usuario=[10 RANDOM DIGITS]&pass=[4 RANDOM DIGITS]
Para poder descifrar tus ficheros tendras que pagar 200€
pero si te retrasas mas de 72H tendras que pagar 500€
Tus datos de acceso son:
Usuario: [10 RANDOM DIGITS]
Contraseña: [4 RANDOM DIGITS]'

Essentially, the ransom note gives the victim instructions on how to pay the ransom using TOR and sets a deadline: if the ransom isn't paid within 72 hours, the amount rises from 200 Euros to 500 Euros.
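A triage scan built from the indicators described in the two sections above (the '.REYPTSON' extension, the 'Como_Recuperar_Tus_Ficheros.txt' note, and the double-extension RAR self-extracting lure), added here as an example and not code from the original write-up. The lure and executable extension lists, the read limit and all function names are assumptions.

```python
import os
import sys

# Indicators taken from the write-up above (compared case-insensitively).
ENCRYPTED_EXT = ".reyptson"
NOTE_NAME = "como_recuperar_tus_ficheros.txt"
# Assumed lists (not from the write-up): document lures and executable types.
LURE_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}
EXEC_EXTS = {".exe", ".scr", ".com"}
RAR_MAGIC = b"Rar!\x1a\x07"  # shared prefix of the RAR4 and RAR5 signatures


def is_rar_sfx(path, limit=8 * 1024 * 1024):
    """True if the file is a PE ('MZ') embedding a RAR archive in its first `limit` bytes."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(limit)
    except OSError:
        return False  # unreadable or locked file: cannot confirm
    return data[:2] == b"MZ" and RAR_MAGIC in data[2:]


def classify(path):
    """Return a finding label for one file, or None if nothing matches."""
    name = os.path.basename(path).lower()
    stem, ext = os.path.splitext(name)
    if name == NOTE_NAME:
        return "ransom_note"
    if ext == ENCRYPTED_EXT:
        return "encrypted_file"
    # e.g. 'factura.pdf.exe': document extension hidden in front of an executable one
    if ext in EXEC_EXTS and os.path.splitext(stem)[1] in LURE_EXTS:
        return "double_ext_rar_sfx" if is_rar_sfx(path) else "double_ext_executable"
    return None


def scan(root):
    """Walk `root` and return sorted (label, path) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            label = classify(full)
            if label:
                findings.append((label, full))
    return sorted(findings)


if __name__ == "__main__":
    for label, path in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{label}\t{path}")
```

Run it against a mail attachment quarantine or a file share; 'encrypted_file' and 'ransom_note' hits indicate encryption has already occurred on that path, while the double-extension labels flag candidate lures before execution.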

Protecting Your Computer from Threats Like the Reyptson Ransomware

The best protection against ransomware Trojans like the Reyptson Ransomware is to have an up-to-date security solution and backup copies of your files. Having backups is the most important step, since the ability to recover the files from a backup means that the attackers lose the leverage that allows them to demand a ransom payment from the victim.
