Repter ransomware, a new variant of the Fonix ransomware, will encrypt files and demand money for their recovery.
Repter ransomware will encrypt files
Repter ransomware is the newest variant of the Fonix ransomware, data-encrypting malware that holds files hostage. Repter ransomware is recognizable from the .repter file extension added to encrypted files. Files with this extension cannot be opened unless they are first decrypted with a specific tool. The operators behind this ransomware will try to sell the decryption tool to victims, though the price is not specified in the ransom note it drops. It is likely that the requested sum will vary between $300 and $1000. Many cybersecurity researchers discourage paying the ransom because it’s not uncommon for cyber crooks to take the money but not send the decryptor. The only sure way to recover files is via backup. However, there are plenty of users who do not regularly back up their files because they do not think it’s needed.
If backup is available, it’s first necessary to delete Repter ransomware before starting file recovery. If users connect to their backup and start retrieving their files while ransomware is still present, the malware may encrypt those files as well. To remove Repter ransomware from the computer, using anti-malware is necessary, as otherwise users may do additional damage to their systems.
Spam campaigns are often used to distribute ransomware
Ransomware is widely distributed via spam email campaigns. Users whose emails have been leaked or were part of a breach are usually the targets of such attacks. In most cases, the malicious emails are fairly obvious, though there are more sophisticated attempts that target specific people, companies or organizations. Because of how prominent the problem of ransomware is, it’s necessary for companies to train users to spot malicious emails, as human error often leads to systems being infected. Regular users should also be familiar with ransomware emails and how to spot them.
When users receive an unsolicited email, the first thing they should check is who the sender is. If the sender claims to be from some kind of company or organization that users have business with, they should be able to recognize the email address. If the email address is not familiar or it looks completely random, users should be extra cautious. Grammar mistakes in what’s supposed to be a professional email are often the biggest sign that an email may be spam with malware attached.
Users are encouraged to ignore spam and unsolicited emails with attachments. Though if that is not possible, the attachments should be scanned with anti-malware software or a service like VirusTotal to determine whether they are malicious or not.
Ransomware can also be encountered on torrent websites. Most users are aware that torrent sites are mostly unregulated and it’s very easy to get malware but the possibility of downloading copyrighted content for free is very tempting. If users do download torrents regularly, they should be very careful. It’s recommended to read comments and check the files in the torrent before downloading.
Lastly, to prevent ransomware and other malware from entering the computer via vulnerabilities, it’s encouraged to install updates as they are released.
Is Repter ransomware dangerous?
Like all ransomware, Repter will immediately look for files to encrypt as soon as it is launched. It mainly targets photos, videos, documents, etc., as those are the files users would be willing to pay for most often. All encrypted files will have an extension containing an email address and .repter, which is why this malware is known as Repter ransomware. Once they’ve been encrypted, users will not be able to open the files.
A ransom note “How To Decrypt Files.hta” will also appear on the screen, containing information about how to decrypt Repter ransomware files. The note explains that a decryptor is needed in order to recover files, and victims can buy it by sending an email to email@example.com. The price for the decryptor is not specified, though the cyber crooks offer a 50% discount if victims contact them within 48 hours. They also offer to decrypt 3 files for free, provided they do not contain any valuable information.
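The two on-disk indicators described above (the .repter extension and the “How To Decrypt Files.hta” note) can be used to scope the damage before any backup is connected. The following is an added example, not code from the article or from any vendor tool: the function names, the 10-minute window and the sample tree are assumptions, and it matches only the trailing .repter because the article does not give the exact layout of the email part of the extension.

```python
import os
import time
from collections import Counter
from pathlib import Path

ENC_SUFFIX = ".repter"                  # extension named in the article
NOTE_NAME = "how to decrypt files.hta"  # ransom note named in the article (lower-cased)


def triage(root):
    """Walk root; return per-directory counts, ransom note paths, newest mtime."""
    per_dir, notes, newest = Counter(), [], 0.0
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()
            path = Path(dirpath) / name
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(ENC_SUFFIX):
                per_dir[dirpath] += 1
                try:
                    newest = max(newest, path.stat().st_mtime)
                except OSError:
                    pass  # file vanished or is unreadable; it is still counted
    return {"per_dir": per_dir, "notes": notes, "newest": newest}


def still_encrypting(report, now=None, window=600):
    """True if any .repter file was written within `window` seconds of `now`."""
    now = time.time() if now is None else now
    return report["newest"] > 0 and now - report["newest"] <= window


def build_sample(root):
    """Constructed sample tree for demonstration (not real malware output)."""
    docs = Path(root) / "Documents"
    docs.mkdir()
    (docs / "budget.xlsx.repter").write_bytes(b"constructed")
    (docs / "notes.txt").write_text("untouched")
    (docs / "How To Decrypt Files.hta").write_text("constructed")
    old = time.time() - 86400  # pretend encryption finished a day ago
    os.utime(docs / "budget.xlsx.repter", (old, old))
    return docs


if __name__ == "__main__":
    rep = triage(".")
    print(dict(rep["per_dir"]), len(rep["notes"]), still_encrypting(rep))
```

If `still_encrypting` returns True, files are still being written with the .repter extension, so the machine should stay disconnected from backup media until the malware has been removed.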
The Repter ransomware ransom note in text form:
——-ALL YOUR FILES HAS BEEN ENCRYPTED——-
Don’t worry about anything, you can return all your files!
All your files documents, photos, databases and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
Our Email = firstname.lastname@example.org
Your Personal ID =
What guarantees do we give to you?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 3 file for free. File must not contain valuable information
Don’t try to use third-party decrypt tools because it will destroy your files.
!! we 100% able to restore your files !!
Discount 50% available if you contact us first 48 hours
after 48 hours you should pay Double (Include this id in your message or email)
in case of no answer in 2 hours write us to this Email = Repter@elude.in
if you don’t know how to buy bitcoin you can use this link
the easiest way to buy bitcoin is localBitcoins
Don’t delete any files or rename encrypted files
If you using other applications to decrypt, it may damage your files
Don’t find your backups? they have been Successfully encrypted too or securly wiped.
Paying the ransom is always risky, as victims have no way of knowing whether they will receive a decryptor. It’s not uncommon for malware operators to just take the money without sending the decryptor. Victims buying the decryptor also makes ransomware a profitable business for cyber criminals, which encourages them to continue.
The looming threat of ransomware is why regularly backing up files is important. If backup is available, users need to first delete Repter ransomware before connecting to backup. Otherwise, the ransomware may also encrypt the files in the backup.
Repter ransomware removal
Because ransomware is a tricky infection to deal with, it’s necessary to use anti-malware software to get rid of it. Once users uninstall Repter ransomware with anti-malware, they will be able to safely connect to their backup to start recovering files. Unfortunately, for users who do not have backup, the only way to recover files would be to wait for malware researchers to release a free decryptor.