
Repter Ransomware

Posted: July 16, 2020

The Repter Ransomware is a file-locking Trojan that's a variant of the Fonix Ransomware, a previously-independent threat. As with its ancestor, infections will seek to lock various digital media formats and hold them for ransom. Users should have backups for recovering lost files without paying, and anti-malware services to properly remove the Repter Ransomware.

A Second Helping of Salsa20 for 2020

File-locking Trojans becoming families is an event worth noting, even with the ongoing competition between preexisting Ransomware-as-a-Services. Fonix Ransomware, one of the cases of a mostly-unique Trojan of this type for the year, shows at least one example of an apparent offspring or another relative – the Repter Ransomware. For its part, while the Repter Ransomware keeps to the feature set that its ancestor set in place, it also shows some significant differences.

The Repter Ransomware's executable is much smaller than its forebear's, due either to streamlined code or, more likely, to stronger data compression or a 'packer' utility. The 32-bit Windows program abuses the Registry for various traditional attacks, including disabling the Windows Task Manager, before it starts its Salsa20-based encryption routine. This routine turns multiple media formats (such as DOCs, PDFs, GIFs, JPGs, MP3s, ZIPs, etc.) into files that no longer open, which the Trojan flags with a compound extension made up of an e-mail address, an ID and the Trojan's name.
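The two artifacts just described, a Registry policy that hides Task Manager and a compound extension appended to locked files, are the things a responder can check for quickly. The following is an added example, not code from the original article or from any vendor: it parses a constructed `.reg` export for the well-known `DisableTaskMgr` policy value (the article says Task Manager is disabled via the Registry but does not name the key, so that path is an assumption from general Windows knowledge) and triages a constructed list of file names against a hypothetical `EMAIL=[...]ID=[...].name` extension layout. The order and separators of that layout are assumptions, not the family's documented format, so adjust the pattern to match samples you actually hold.

```python
import re
from typing import Dict, List

# Assumed: the standard per-user policy that hides Task Manager. The article
# only says the Trojan disables Task Manager through the Registry.
TASKMGR_POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
TASKMGR_VALUE = "DisableTaskMgr"

# Hypothetical shape of the compound extension (e-mail, ID, Trojan name).
# Ordering and separators are assumptions used only for this illustration.
COMPOUND_EXT_RE = re.compile(
    r"\.EMAIL=\[(?P<email>[^\]\s]+@[^\]\s]+)\]"
    r"ID=\[(?P<victim_id>[0-9A-Fa-f]{8,})\]"
    r"\.(?P<marker>[A-Za-z0-9]+)$"
)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a minimal .reg export into {key_path: {value_name: raw_data}}."""
    result: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]          # key path without the brackets
            result.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, data = line.split("=", 1)
        result[current][name.strip('"')] = data.strip()
    return result


def task_manager_disabled(reg: Dict[str, Dict[str, str]]) -> bool:
    """True when the policy value is present and non-zero."""
    data = reg.get(TASKMGR_POLICY_KEY, {}).get(TASKMGR_VALUE)
    if data is None:
        return False
    if data.lower().startswith("dword:"):   # REG_DWORD exports as dword:XXXXXXXX
        return int(data[6:], 16) != 0
    return data.strip('"') not in ("", "0")


def flag_locked_files(names: List[str]) -> List[Dict[str, str]]:
    """Return one record per file name that carries the compound extension."""
    hits = []
    for name in names:
        m = COMPOUND_EXT_RE.search(name)
        if m:
            hits.append({"file": name, **m.groupdict()})
    return hits


# Constructed sample data: a registry export and a directory listing.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"""

CLEAN_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"""

SAMPLE_FILES = [
    "budget.xlsx",
    "report.docx.EMAIL=[contact@example.invalid]ID=[0123ABCD].repter",
    "holiday.jpg.EMAIL=[contact@example.invalid]ID=[0123ABCD].repter",
    "notes.txt.EMAIL=[contact@example.invalid].repter",   # malformed: no ID
]


def triage(reg_text: str, file_names: List[str]) -> Dict[str, object]:
    """Combine both checks into one summary a responder can act on."""
    hits = flag_locked_files(file_names)
    return {
        "task_manager_disabled": task_manager_disabled(parse_reg_export(reg_text)),
        "locked_files": len(hits),
        "victim_ids": sorted({h["victim_id"] for h in hits}),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_REG, SAMPLE_FILES))
```

Run it against a real export (`reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" out.reg`) and a directory walk; a non-zero `DisableTaskMgr` alongside files carrying the extension is a strong signal that a backup restore, not a decryptor purchase, is the next step.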

Although the Repter Ransomware uses the same basic format as the Fonix Ransomware for its ransom note – an HTA or advanced HTML – the text's formatting differs noticeably. Such changes are unusual among RaaS families; the difference is worth noting and indicates an extra degree of flexibility in this threat's ransom demands. Ultimately, however, the Repter Ransomware still asks for Bitcoins for its decryptor and sets a deadline before doubling the price.

Taking the Burn Out of Saucy Trojans

The Repter Ransomware's campaign shows no evidence of any particular infection exploits, but most file-locking Trojans target low-hanging fruit: poorly secured victims. Individuals might endanger their home computers by downloading software cracks from torrents or corrupted sites, or by trusting fake software patches – a favorite drive-by-download scam of Exploit Kits. Legal downloading behavior, sensible precautions like turning off JavaScript and installing patches, and scanning new files will limit opportunities for infections.

Server administrators also should pay close attention to account passwords, which, when weak, invite dictionary or brute-force attacks by automated 'hacking' software. Malware experts recommend that all users install security patches regularly and watch incoming e-mails for possible scams and phishing lures, which can harm home users and workplace networks equally. Unencrypted backups are the only foolproof remedy for an unhindered Repter Ransomware attack.

Since dedicated anti-malware programs will flag this threat on sight, Windows users protected by such software should have full protection from infections.

A 'bouncing new baby boy' in the Trojan race is anything but a good thing. The Repter Ransomware's simple existence points to the Fonix Ransomware being the start of something much bigger than one or two Trojans, and one can only hope that its growth will not go too far.
