Repter Ransomware

Posted: July 16, 2020

Repter Ransomware Description

The Repter Ransomware is a file-locking Trojan that's a variant of the Fonix Ransomware, a previously-independent threat. As with its ancestor, infections will seek to lock various digital media formats and hold them for ransom. Users should have backups for recovering lost files without paying, and anti-malware services to properly remove the Repter Ransomware.

A Second Helping of Salsa20 for 2020

File-locking Trojans becoming families is an event worth noting, even with the ongoing competition between preexisting Ransomware-as-a-Services. Fonix Ransomware, one of the cases of a mostly-unique Trojan of this type for the year, shows at least one example of an apparent offspring or another relative – the Repter Ransomware. For its part, while the Repter Ransomware keeps to the feature set that its ancestor set in place, it also shows some significant differences.

The Repter Ransomware's executable is much smaller than its forebear's, due to either streamlining of code or, more likely, superior data compression or a 'packer' utility. The 32-bit Windows program abuses the Registry for various traditional attacks, including disabling the Windows Task Manager, before it starts its Salsa20-based encryption routine. This feature turns multiple media formats (a la DOCs, PDFs, GIFs, JPGS, MP3s, ZIPs, etc.) into non-opening files, which the Trojan flags with a compound extension, including an e-mail, an ID and its name.

Although the Repter Ransomware uses the same, basic format as the Fonix Ransomware for its ransom note – an HTA or advanced HTML – the formatting of the text is different relatively. Since such changes aren't usual among RaaS families, it's worth noticing and indicates an extra degree of flexibility in this threat's theoretical ransom demands. However, ultimately, the Repter Ransomware still asks for Bitcoins for its decryptor and issues a deadline before doubling the price.

Taking the Burn Out of Saucy Trojans

The Repter Ransomware's campaign shows no evidence surrounding any infection exploits, but most file-locking Trojans will target easily-plucked fruit, AKA non-secure victims. Individuals might endanger their home computers by downloading software cracks from torrents or corrupted sites, or trusting fake software patches – a favorite drive-by-download scam of Exploit Kits. Legal downloading behavior, sensible precautions like turning off JavaScript and installing patches, and scanning new files will limit opportunities for infections.

Server administrators also should pay close attention to any account passwords, which, when weak, can invite dictionary or brute-force attacks by automated 'hacking' software. Malware experts recommend that all users install security patches regularly and watch over incoming e-mails for possible scams and phishing lures, which can harm random users and workplace networks equally. Unencrypted backups are the only foolproof solution to an unhindered the Repter Ransomware attack.

Since dedicated anti-malware programs will flag this threat on sight, Windows users protected by such software should have full protection from infections.

A 'bouncing new baby boy' in the Trojan race is anything but a good thing. The Repter Ransomware's simple existence points to the Fonix Ransomware being the start of something much bigger than one or two Trojans, and one can only hope that its growth will not go too far.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Repter Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware Repter Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.