Over the weekend, Emsisoft security researcher xXToffeeXx discovered a new ransomware called Reyptson that is targeting Spanish victims. Since then, we have seen increased activity in the ransomware's development. Today security researcher MalwareHunterTeam took a deeper look and noticed that Reyptson conducts its own spam distribution campaign directly from a victim's configured Thunderbird email account.
This is a new feature that has not been seen in ransomware before, so I decided to take a deeper dive into this ransomware to see what we could find. For those who have been infected with the Reyptson Ransomware, unfortunately there is no way to decrypt this ransomware currently for free. We have, though, set up a dedicated Reyptson Support & Help Topic for those who wish to discuss it or ask questions.
Reyptson Spreads by Spamming the Victim's Thunderbird Contacts
Unlike any other ransomware that I remember, Reyptson includes the ability to distribute itself through a spam email campaign conducted from the victim's computer. It does this by checking if the Thunderbird email client is installed, and if it is, it will attempt to read the victim's email credentials and contact list.
...
....
Good news..high detection rate on VT
Antivirus scan for e6d549543863cd3eb7d92436739a66da4b2cc1a9d40267c4bb2b2fa50bf42f41 at 2017-07-18 03:05:03 UTC - VirusTotal