Computer security specialists discovered a new variant of ransomware which called Reyptson virus. It appends the .Reyptson extension to encrypted file names. This post will provide you with all the things you need to know about ransomware virus, how to remove Reyptson ransomware virus from your PC and how to restore all encrypted files for free.
The Reyptson is a ransomware virus, which made to encrypt the personal documents, photos and music found on infected computer using AES 128-bit encryption method, appending Reyptson extension to all encrypted personal files. Once the encryption procedure is finished, it will display a ransom note offering decrypt all users files if a payment is made.
Table of contents
The ransom demanding message encourages victim to contact Reyptson’s authors in order to decrypt all photos, documents and music. These persons will require to pay a ransom €200 (€500 after 72 hours) in Bitcoins. We do not recommend paying a ransom, as there is no guarantee that you will be able to decrypt your personal files. Especially since you have a chance to recover your files for free using free utilities such as ShadowExplorer and PhotoRec.
Instructions which is shown below, will help you to remove Reyptson ransomware virus as well as recover encrypted personal files stored on your computer drives.
What is Reyptson ransomware
Reyptson is a variant of crypto viruses (malware which encrypt personal files and demand a ransom). It affects all current versions of MS Windows operating systems such as Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10. This ransomware infection uses a strong encryption algorithm with a big key to eliminate the possibility of brute force a key that will allow to decrypt encrypted photos, documents and music.
When the ransomware virus infects a machine, it uses system directories to store own files. To run automatically whenever you turn on your system, Reyptson ransomware creates a registry entry in Windows: sections HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run, HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce, HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run, HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce.
Immediately after the launch, the ransomware infection scans all available drives, including network and cloud storage, to determine which files will be encrypted. The ransomware infection uses the file name extension, as a way to define a group of files that will be subjected to encrypting. Encrypted almost all types of files, including common as:
.bc7, .dba, .cfr, .wpw, .raw, .xar, .itdb, .xxx, .ods, .sidd, .db0, .rofl, .odm, .ppt, .docx, .tor, .wps, .crt, .wbd, .sie, .mdf, .pdd, .wpg, .iwd, .xlgc, .hkdb, .wcf, .sr2, .mov, .wpd, .zabw, .gho, .layout, .wbm, .r3d, .raf, .vfs0, .xbplate, .pptm, .m3u, .wpb, .cr2, .rwl, .icxs, .xyp, .png, .iwi, .psk, .wmv, .ybk, .xy3, .ysp, .dmp, .wdp, .jpg, .fpk, .txt, .z, .bay, .qdf, .kf, .sav, .dcr, .nrw, .ptx, .forge, .esm, .kdc, .dazip, .z3d, .vdf, .pptx, .wmv, .x3f, .bar, .ncf, .wp4, .p12, .dxg, .cas, .mpqge, .wp6, .litemod, .sum, .xlk, .lbf, .xdb, .psd, .wbmp, .dng, .syncdb, .pfx, .qic, .x3d, .wmo, .7z, .odt, .xlsb, .kdb, .big, .zif, .pak, .3dm, .pkpass, .zw, .upk, .xmind, .wsc, .zdc, .pst, .avi, .epk, .ltx, .w3x, .odp, .ws, .wp, .odb, .yal, .wpe, .xpm, .dwg, .rtf, .flv, .hvpl, .xyw, .csv, .ztmp, .dbf, .xls, .xls, .yml, .t13, .wbk, .srf, .x3f, .zip, .itl, .wps, .hplg, .bik, .x, .wpt, .cdr, .ff, .der, .p7b, .docm, .rgss3a, .bc6, .svg, .blob, .lvl, .tax, .bkp, .das, .rim, .sidn, .mef, .xld, .rw2, .zip, .erf, .sql, .desc, .wp7, .snx, .sid, .xlsm, .sb, .wot, .js, .xlsx, .xf, .wdb, .mp4, .srw, .itm, .webp, .xlsm, .xbdoc, .wb2, .mlx, .xdl, .xx, .vpp_pc, .rar, .pdf, .wpl, .wmd, .wotreplay, .wav
Once a file is encrypted, its extension modified to Reyptson. Next, the virus creates a file called “Como_Recuperar_Tus_Ficheros.txt”. This file contain instructions on how to decrypt all encrypted personal files. An example of the guide is:
—————————————————–
Como recuperar tus ficheros del cifrador Reyptson
—————————————————–
Tienes toda la información en esta web:
https://37z2akkbd3vqphw5.onion.link/xxxxx
Si no puedes entrar descarga el navegador tor desde:
https://www.torproject.org/download/download
y entra a: http://37z2akkbd3vqphw5.onion/?usuario=xxxxxPara poder descifrar tus ficheros tendras que pagar 200€
pero si te retrasas mas de 72H tendras que pagar 500€Tus datos de acceso son:
Usuario: xxxxx
Contraseña: xxxxx
The Reyptson ransomware infection actively uses scare tactics by giving the victim a brief description of the encryption algorithm and showing a ransom note on the desktop. It is trying to force the user of the infected personal computer, do not hesitate to pay a ransom, in an attempt to restore their documents, photos and music.
How to decrypt .Reyptson files
Currently there is no available solution to decrypt Reyptson files, but you have a chance to restore encrypted personal files for free. The ransomware infection repeatedly tells the victim that uses AES-128 encryption method. What does it mean to decrypt the files is impossible without the private key. Use a “brute forcing” is also not a way because of the big length of the key. Therefore, unfortunately, the only payment to the creators of the Reyptson virus entire amount requested – the only way to try to get the decryption key and decrypt all your files.
There is absolutely no guarantee that after pay a ransom to the makers of the Reyptson ransomware virus, they will provide the necessary key to decrypt your files. In addition, you must understand that paying money to the cyber criminals, you are encouraging them to create a new ransomware infection.
How to remove Reyptson ransomware virus
Most often it’s not possible to remove the Reyptson ransomware virus manually. For that reason, our team made several removal ways which we have summarized in a detailed guidance below. Therefore, if you have the Reyptson ransomware on your computer and are currently trying to have it removed then feel free to follow the steps below in order to resolve your problem. Certain of the steps below will require you to close the web-site. So, please read the tutorial carefully, after that bookmark or print it for later reference.
Run Zemana Anti-malware to remove Reyptson ransomware
We recommend using the Zemana Anti-malware. You may download and install Zemana Anti-malware to scan for and delete Reyptson ransomware from your personal computer. When installed and updated, the malicious software remover will automatically scan and detect all threats present on the computer.
Download Zemana anti malware by clicking on the link below and save it to your Desktop.
164110 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
After the downloading process is complete, close all software and windows on your computer. Open a directory in which you saved it. Double-click on the icon that’s named Zemana.AntiMalware.Setup as shown on the screen below.
When the installation starts, you will see the “Setup wizard” that will help you install Zemana antimalware on your PC.
Once setup is done, you will see window as shown below.
Now press the “Scan” button to perform a system scan for the Reyptson ransomware infection and other trojans and harmful programs. During the scan it will detect all threats exist on your system.
As the scanning ends, it will display you the results. Make sure all malicious entries are ‘selected’ and press “Next” button.
The Zemana Anti-malware will start removing Reyptson virus related files, folders and registry keys.
How to delete Reyptson virus with Malwarebytes
You can remove Reyptson ransomware automatically with a help of Malwarebytes Free. We suggest this free malware removal utility because it can easily delete ransomware infections, ad-supported software, potentially unwanted software and toolbars with all their components such as files, folders and registry entries.
Download Malwarebytes Free from the link below and save it directly to your MS Windows Desktop.
326461 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
When the download is complete, close all windows on your machine. Further, open the file named mb3-setup. If the “User Account Control” prompt pops up as on the image below, click the “Yes” button.
It will display the “Setup wizard” which will assist you install Malwarebytes on the system. Follow the prompts and do not make any changes to default settings.
Once installation is done successfully, click Finish button. Then Malwarebytes will automatically launch and you can see its main window as shown on the screen below.
Next, click the “Scan Now” button to perform a system scan for the Reyptson ransomware virus . Depending on your PC, the scan can take anywhere from a few minutes to close to an hour. During the scan it will detect all threats exist on your personal computer.
Once that process is complete, a list of all threats detected is produced. Make sure all malicious entries are ‘selected’ and click “Quarantine Selected” button.
The Malwarebytes will begin removing Reyptson ransomware virus and other security threats. Once disinfection is complete, you may be prompted to reboot your computer. We suggest you look at the following video, which completely explains the process of using the Malwarebytes to remove ransomware infection, adware and other malicious software.
Remove Reyptson ransomware virus from computer with KVRT
If MalwareBytes anti-malware or Zemana anti malware cannot get rid of this ransomware, then we advises to use the KVRT. KVRT is a free removal utility for ransomwares, adware, PUPs and toolbars.
Download Kaspersky virus removal tool (KVRT) on your PC system from the link below.
129082 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
Once the download is complete, double-click on the Kaspersky virus removal tool icon. Once initialization process is finished, you’ll see the Kaspersky virus removal tool screen as shown in the figure below.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next press Start scan button for scanning your PC for the Reyptson ransomware infection and other malware. Depending on your PC system, the scan can take anywhere from a few minutes to close to an hour. When a threat is detected, the number of the security threats will change accordingly.
After finished, it’ll open you the results like below.
Make sure all malicious entries are ‘selected’ and click on Continue to start a cleaning task.
How to restore .Reyptson files
In some cases, you can restore files encrypted by Reyptson ransomware virus. Try both methods. Important to understand that we cannot guarantee that you will be able to recover all encrypted documents, photos and music.
Use ShadowExplorer to recover .Reyptson files
If automated backup (System Restore) is enabled, then you can use it to restore all encrypted files to previous versions.
Download ShadowExplorer on your Windows Desktop from the following link.
438817 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
Once downloading is finished, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder as on the image below.
Double click ShadowExplorerPortable to launch it. You will see the a window like below.
In top left corner, select a Drive where encrypted photos, documents and music are stored and a latest restore point as on the image below (1 – drive, 2 – restore point).
On right panel look for a file that you want to recover, right click to it and select Export as displayed in the following example.
Run PhotoRec to restore .Reyptson files
Before a file is encrypted, the Reyptson ransomware infection makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your documents, photos and music using file restore software such as PhotoRec.
Download PhotoRec by clicking on the following link and save it to your Desktop.
When downloading is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and select Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as shown below.
Double click on qphotorec_win to run PhotoRec for MS Windows. It’ll open a screen as shown on the image below.
Select a drive to recover as displayed in the following example.
You will see a list of available partitions. Select a partition that holds encrypted files as shown on the image below.
Click File Formats button and specify file types to restore. You can to enable or disable the recovery of certain file types. When this is finished, click OK button.
Next, click Browse button to select where restored personal files should be written, then click Search.
Count of recovered files is updated in real time. All recovered documents, photos and music are written in a folder that you have selected on the previous step. You can to access the files even if the restore process is not finished.
When the recovery is done, click on Quit button. Next, open the directory where restored documents, photos and music are stored. You will see a contents as displayed on the screen below.
All recovered personal files are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re searching for a specific file, then you can to sort your recovered files by extension and/or date/time.
How to prevent your machine from becoming infected by Reyptson ransomware?
Most antivirus programs already have built-in protection system against the ransomware infection. Therefore, if your personal computer does not have an antivirus program, make sure you install it. As an extra protection, use the CryptoPrevent.
Use CryptoPrevent to protect your computer from Reyptson ransomware infection
Download CryptoPrevent from the link below and save it directly to your MS Windows Desktop.
www.foolishit.com/download/cryptoprevent/
Run it and follow the setup wizard. Once the installation is done, you’ll be displayed a window where you can choose a level of protection, as displayed on the image below.
Now press the Apply button to activate the protection.
How does your system get infected with Reyptson virus
The Reyptson virus is distributed through the use of spam emails. Once this attachment has been opened, this virus will be opened automatically as you do not even notice that. The Reyptson ransomware virus will begin the encryption process. When this process is finished, it will show the usual ransomnote like above on Como_Recuperar_Tus_Ficheros.txt.
Finish words
After completing the guide above, your personal computer should be clean from Reyptson ransomware virus and other malware. Your machine will no longer encrypt your photos, documents and music. Unfortunately, if the step-by-step tutorial does not help you, then you have caught a new variant of ransomware virus, and then the best way – ask for help.
- Download HijackThis from the link below and save it to your Desktop.
HijackThis download
4711 downloads
Version: 2.0.5
Author: OpenSource
Category: Security tools
Update: November 7, 2015
- Double-click on the HijackThis icon. Next press “Do a system scan only” button.
- Once it has finished scanning your machine, the scan button will read “Save log”, click it. Save this log to your desktop.
- Create a Myantispyware account here. Once you’ve registered, check your e-mail for a confirmation link, and confirm your account. After that, login.
- Copy and paste the contents of the HijackThis log into your post. If you are posting for the first time, please start a new thread by using the “New Topic” button in the Spyware Removal forum. When posting your HJT log, try to give us some details about your problems, so we can try to help you more accurately.
- Wait for one of our trained “Security Team” or Site Administrator to provide you with knowledgeable assistance tailored to your problem with the Reyptson ransomware.