
Kupidon Ransomware

Posted: May 15, 2020

The Kupidon Ransomware is a file-locking Trojan that blocks digital media on your PC, such as pictures, music, or documents. Secure backups are vital for rolling back any data loss from its attacks, although some users may have limited recovery options through other means. Most anti-malware services should delete the Kupidon Ransomware or block the drive-by-downloads that could lead to its installation.

Last Year's Trojan might be Back for More

Late in 2019, the Nyton Ransomware became a minor note in the threat landscape as a rare sight: a truly independent file-locking Trojan shouldering its way between enormous families like the Scarab Ransomware RaaS, the Jigsaw Ransomware spinoffs, and Hidden Tear variants. Months later, what might be its successor is cropping up, with samples out in the wild. The Kupidon Ransomware shares substantial symptoms with the older Trojan, although malware experts have yet to firmly trace the lineage between the two.

The Kupidon Ransomware – whose name is a possible Hebrew variant of 'Cupid' – shows the usual hallmark features of a file-locking Trojan. The Kupidon Ransomware can stop digital media files from opening by encrypting them, adds part of its name to theirs as a second extension, and creates a TXT ransom note that sells its unlocking help. Although the Kupidon Ransomware asks a ransom that's almost half the price of those favored by most RaaS families, it also provides TOR website infrastructure, which is similar to other 'professional' extortionist campaigns.
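As an added illustration of those symptoms (not code from the original article, and not the Trojan's own code), the following Python check scans a file listing for the two indicators just described: a cluster of media files that gained an unknown second extension, and a plain-text note dropped beside them. The '.kupidon' suffix, the note-name keywords and the sample listing are constructed assumptions, since the article does not give the real extension or note name.

```python
import os
from collections import defaultdict

# Media types of the kind the article says file-locking Trojans target.
MEDIA_EXTENSIONS = {".jpg", ".png", ".mp3", ".docx", ".xlsx", ".pdf"}

# Hypothetical: words a ransom-note filename often carries. The real Kupidon
# note name is not given on the page, so this is only a heuristic.
NOTE_KEYWORDS = ("readme", "restore", "decrypt", "recover", "how_to")

def split_double_extension(path):
    """Return (inner_ext, appended_ext) if the name looks like photo.jpg.xyz,
    i.e. a media extension followed by an unknown appended one; else None."""
    base = os.path.basename(path).lower()
    stem, appended = os.path.splitext(base)
    inner = os.path.splitext(stem)[1]
    if inner in MEDIA_EXTENSIONS and appended and appended not in MEDIA_EXTENSIONS:
        return inner, appended
    return None

def cluster_appended_extensions(paths, min_count=3):
    """Group files by the unknown extension appended after a media extension.
    Returns {appended_ext: [paths]} only for clusters of min_count or more,
    so a single stray '.bak' rename does not trip the check."""
    clusters = defaultdict(list)
    for p in paths:
        hit = split_double_extension(p)
        if hit:
            clusters[hit[1]].append(p)
    return {ext: ps for ext, ps in clusters.items() if len(ps) >= min_count}

def find_note_candidates(paths):
    """Plain-text files whose names carry typical ransom-note wording."""
    return [p for p in paths
            if os.path.basename(p).lower().endswith(".txt")
            and any(k in os.path.basename(p).lower() for k in NOTE_KEYWORDS)]

def assess(paths, min_count=3):
    """Flag the listing only when BOTH indicators are present together."""
    clusters = cluster_appended_extensions(paths, min_count)
    notes = find_note_candidates(paths)
    return {"suspicious": bool(clusters) and bool(notes),
            "clusters": clusters, "notes": notes}

# Constructed listing, not from a real infection; '.kupidon' is a stand-in
# for the actual appended extension, which the article does not spell out.
SAMPLE_LISTING = [
    "C:/Users/alice/Pictures/holiday.jpg.kupidon",
    "C:/Users/alice/Pictures/cat.png.kupidon",
    "C:/Users/alice/Music/song.mp3.kupidon",
    "C:/Users/alice/Documents/report.docx.kupidon",
    "C:/Users/alice/Documents/README_RESTORE.txt",
    "C:/Users/alice/Documents/notes.txt",
    "C:/Users/alice/Downloads/archive.tar.gz",
    "C:/Users/alice/Pictures/backup.jpg.bak",
]
```

Run `assess(SAMPLE_LISTING)` to see the four renamed media files grouped under '.kupidon' alongside the note candidate; the benign `.tar.gz` and lone `.bak` entries are not reported.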

The ransom message offers the closest tie between the Kupidon Ransomware and the Nyton Ransomware, due to its nearly entirely copy-pasted text. Malware researchers do confirm a few differences: updated links and theming, which are par for the course for long-term maintenance. Whether the Nyton Ransomware is part of a minor for-hire service on the Dark Web, or is getting a code rework for updates like the Kupidon Ransomware by independent threat actors, remains an open question.

The Way to Guarantee a Sure Miss from Cupid's Arrow

The Kupidon Ransomware depends on victims who lack backups, which would let them recover their files without trouble or the risk of paying a ransom. By contrast, even 'customers' who buy the Trojan's premium decryptor may get no service, or buggy results that damage their media. All Windows users can protect their documents and other work by keeping one or more backups on different devices, whether removable storage or a cloud service.

File-locking Trojans show strong preferences for a few infection vectors:

  • Using black hat tools to find open RDP services without reliable password protection.
  • Torrents and various illicit piracy-themed downloads.
  • Exploit Kits (browser-based threats that use software vulnerabilities for their drive-by-download attacks).
  • Phishing e-mail lures (mainly for business or government-based targets).

Standard safe Web-browsing guidelines will stop most of these attacks by eliminating significant vulnerabilities or triggering defenses such as macro request prompts. Anti-malware programs from trustworthy vendors should also remove the Kupidon Ransomware when necessary.

The Kupidon Ransomware's recycling of old ransom notes is an unforeseen but not unusual development. File-locking Trojans will reuse, recycle, and collect whatever they need to get their ransoms, and sometimes that includes cloning messages – or code.
