Kupidon Ransomware

Posted: May 15, 2020

Kupidon Ransomware Description

The Kupidon Ransomware is a file-locking Trojan that blocks digital media on your PC, such as pictures, music, or documents. Secure backups are vital for rolling back any data loss from its attacks, especially, although some users may have limited recovery opportunities through other means. Most anti-malware services should delete the Kupidon Ransomware or block any of the drive-by-downloads that could lead to installation.

Last Year's Trojan might be Back for More

Late in 2019, the Nyton Ransomware became a minor note in the threat landscape from being a rare sight of a truly-independent, file-locking Trojan shouldering its way between enormous families like the Scarab Ransomware RaaS, the Jigsaw Ransomware spinoffs, and Hidden Tear variants. Months later, a view of what might be its successor is cropping up, with samples out in the wild. The Kupidon Ransomware has symptoms in common with the older Trojan substantially, although malware experts have yet to trace the lineage between the two firmly.

The Kupidon Ransomware – whose name is a possible Hebrew variant of 'Cupid' – shows the usual, hallmark features of a file-locking Trojan. The Kupidon Ransomware can stop digital media files from opening by encrypting them, adds part of its name to theirs as a second extension, and creates a TXT ransom note that sells its unlocking help. Although the Kupidon Ransomware uses a ransom that's almost half as cheap as those favored by most RaaS families, it also provides TOR website infrastructure, which is similar to other 'professional' extortionist campaigns.

The ransoming message offers the closest tie between the Kupidon Ransomware and the Nyton Ransomware, due to nearly entirely copy-pasted text. There are a few differences malware researchers do confirm: updates to links and theming that are par for long-term maintenance. Whether or not the Nyton Ransomware is part of a minor, for-hire service on the Dark Web, or is getting a code rework for updates like the Kupidon Ransomware by independent threat actors, is a question open to answering.

The Way to Guarantee a Sure Miss from Cupid's Arrow

The Kupidon Ransomware depends on victims that don't have backups for recovering any files without trouble – or the risk of paying a ransom. By contrast, even 'customers' that buy the Trojan's premium decryptor may get no service or buggy results that damage their media. All Windows users can protect their documents and other work by keeping one or more backups on different devices, whether it's removable storage or a cloud service.

Some infection vectors are strong preferences for file-locking Trojans:

  • Using Black Hat tools for finding open RDP services without reliable password protection.
  • Torrents and various illicit piracy-themed downloads.
  • Exploit Kits (browser-based threats that use software vulnerabilities for their drive-by-download attacks).
  • Phishing e-mail lures (mainly for business or government-based targets).

Standard safe Web-browsing guidelines will stop most of these attacks by eliminating significant vulnerabilities or triggering defenses such as macro request prompts. Anti-malware programs from trustworthy vendors also should remove the Kupidon Ransomware as it becomes necessary.

The Kupidon Ransomware's throwing old ransom notes right back into the public's face is an unforeseen but not unusual development. File-locking Trojans will reuse, recycle, and collect whatever they need for getting their ransoms, and sometimes that includes cloning messages – or code.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Kupidon Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware Kupidon Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.