Introduction:
Reyptson is a ransomware-type virus discovered by the malware security researcher xXToffeeXx. Once it has infiltrated a system, Reyptson encrypts stored data using AES-128 cryptography. While doing so, it appends the ".REYPTSON" extension to filenames (for example, "sample.jpg" is renamed to "sample.jpg.REYPTSON"). Reyptson then creates a text file ("Como_Recuperar_Tus_Ficheros.txt"), places it in each folder containing encrypted files, and opens a pop-up window.
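The two file-system artifacts named above (the appended extension and the ransom note) are enough to scope an incident on a mounted disk image or file share. The following is an added example, not code from the original page or from the researcher; the function names and the sample tree are constructed for illustration, and the case-insensitive matching is an assumption made because Windows file names are case-insensitive.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the description above.
ENCRYPTED_SUFFIX = ".REYPTSON"
RANSOM_NOTE = "Como_Recuperar_Tus_Ficheros.txt"


def scan_tree(root):
    """Map each affected folder to its ransom-note flag and the original
    names of files carrying the appended extension."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        note, originals = False, []
        for name in files:
            folded = name.casefold()  # assumption: match case-insensitively
            if folded == RANSOM_NOTE.casefold():
                note = True
            elif folded.endswith(ENCRYPTED_SUFFIX.casefold()):
                originals.append(name[: -len(ENCRYPTED_SUFFIX)])
        if note or originals:
            findings[folder] = {"note": note, "encrypted": sorted(originals)}
    return findings


def summarize(findings):
    """Totals for an incident report, plus folders that hold renamed files
    but no note (the note is expected in every such folder)."""
    return {
        "folders": len(findings),
        "files": sum(len(f["encrypted"]) for f in findings.values()),
        "missing_note": sorted(p for p, f in findings.items()
                               if f["encrypted"] and not f["note"]),
    }


def build_sample_tree(base):
    """Constructed sample: empty placeholder files, no real data."""
    layout = {
        "docs": ["sample.jpg.REYPTSON", "report.docx.reyptson", RANSOM_NOTE],
        "partial": ["notes.txt.REYPTSON"],   # renamed file, note absent
        "clean": ["photo.png"],
    }
    for sub, names in layout.items():
        (Path(base) / sub).mkdir(parents=True)
        for name in names:
            (Path(base) / sub / name).touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(scan_tree(tmp)))
```

A folder listed under `missing_note` may indicate that encryption was interrupted there, which is worth checking against backups first.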
Infection Strategies:
To proliferate ransomware, cyber criminals often use spam emails (infectious attachments), peer-to-peer (P2P) networks and other unofficial software download sources (torrents, freeware download websites, free file hosting websites, etc.), fake software updaters, and trojans. Spam emails often contain malicious attachments (for example, JavaScript files, MS Office documents, etc.) designed to download/install the malware. Unofficial download sources often proliferate malware by presenting it as legitimate software. Fake updaters exploit old software bugs/flaws to infect the system.
Encryption:
When the victim executes the ransomware sample, they assume it is a PDF invoice. After the PDF opens, the malware connects to a remote command and control (C2) server and sends a unique ID string that consists of the system volume's serial number, the user's login name, and the time.
The C2 server then replies with a string that consists of the encryption password and the username and password that the victim will use to log in to the payment server. Once the malware receives this information, it begins to encrypt the victim's computer.
Decryption Key:
Not available yet.
sample:
