Repter Ransomware Description
The Repter Ransomware is a file-locking Trojan that's a variant of the Fonix Ransomware, a previously-independent threat. As with its ancestor, infections will seek to lock various digital media formats and hold them for ransom. Users should have backups for recovering lost files without paying, and anti-malware services to properly remove the Repter Ransomware.
A Second Helping of Salsa20 for 2020
File-locking Trojans becoming families is an event worth noting, even with the ongoing competition between preexisting Ransomware-as-a-Services. Fonix Ransomware, one of the cases of a mostly-unique Trojan of this type for the year, shows at least one example of an apparent offspring or another relative – the Repter Ransomware. For its part, while the Repter Ransomware keeps to the feature set that its ancestor set in place, it also shows some significant differences.
The Repter Ransomware's executable is much smaller than its forebear's, due to either streamlining of code or, more likely, superior data compression or a 'packer' utility. The 32-bit Windows program abuses the Registry for various traditional attacks, including disabling the Windows Task Manager, before it starts its Salsa20-based encryption routine. This feature turns multiple media formats (a la DOCs, PDFs, GIFs, JPGs, MP3s, ZIPs, etc.) into non-opening files, which the Trojan flags with a compound extension, including an e-mail, an ID and its name.
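The Task Manager lockout described above is normally done through the Windows `DisableTaskMgr` policy value, so a quick triage check is to look for it in HKLM and in every loaded user hive. This is an added example, not code from the original article; that the Repter Ransomware sets this specific value is an assumption, and `Get-TaskMgrLock` is a hypothetical helper name.

```powershell
# Added example: report (and optionally clear) the Task Manager policy lock.
# DisableTaskMgr under ...\Policies\System is the standard Windows policy value;
# that this Trojan uses exactly this value is an assumption, not stated on the page.
$PolicySubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-TaskMgrLock {
    param(
        # Remove the value where found. Do this only after the Trojan itself
        # has been removed, otherwise it can simply set the value again.
        [switch]$Clear
    )

    # HKLM plus every user hive currently loaded under HKEY_USERS
    $roots = @('Registry::HKEY_LOCAL_MACHINE')
    $roots += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notmatch '_Classes$' } |
        ForEach-Object { "Registry::$($_.Name)" }

    foreach ($root in $roots) {
        $path = "$root\$PolicySubKey"
        $prop = Get-ItemProperty -Path $path -Name DisableTaskMgr -ErrorAction SilentlyContinue
        if ($null -eq $prop -or $prop.DisableTaskMgr -eq 0) { continue }

        $cleared = $false
        if ($Clear) {
            Remove-ItemProperty -Path $path -Name DisableTaskMgr -ErrorAction Stop
            $cleared = $true
        }

        [pscustomobject]@{
            Hive    = $root -replace '^Registry::', ''
            Value   = $prop.DisableTaskMgr
            Cleared = $cleared
        }
    }
}

# Report only; add -Clear from an elevated session to restore Task Manager.
Get-TaskMgrLock | Format-Table -AutoSize
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so an empty result does not clear those profiles.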
Although the Repter Ransomware uses the same basic format as the Fonix Ransomware for its ransom note – an HTA or advanced HTML – the formatting of the text is relatively different. Since such changes aren't usual among RaaS families, it's worth noticing and indicates an extra degree of flexibility in this threat's theoretical ransom demands. However, ultimately, the Repter Ransomware still asks for Bitcoins for its decryptor and issues a deadline before doubling the price.
Taking the Burn Out of Saucy Trojans
Server administrators also should pay close attention to any account passwords, which, when weak, can invite dictionary or brute-force attacks by automated 'hacking' software. Malware experts recommend that all users install security patches regularly and watch over incoming e-mails for possible scams and phishing lures, which can harm random users and workplace networks equally. Unencrypted backups are the only foolproof solution to an unhindered Repter Ransomware attack.
Since dedicated anti-malware programs will flag this threat on sight, Windows users protected by such software should have full protection from infections.
A 'bouncing new baby boy' in the Trojan race is anything but a good thing. The Repter Ransomware's simple existence points to the Fonix Ransomware being the start of something much bigger than one or two Trojans, and one can only hope that its growth will not go too far.