Remove Repp Ransomware (Virus Removal Steps)

How to Remove Repp Ransomware Virus and Restore Files

An infection with the Repp ransomware virus leads to serious issues that affect the overall system security. The most unpleasant consequence is the encryption of valuable files. This removal guide shows illustrated instructions on how to get rid of Repp virus infection.


Repp Ransomware Removal

According to information shared by security researchers, the so-called Repp virus is a ransomware that is based on the code of one of the biggest ransomware families called STOP/Djvu. Numerous strains of this ransomware family have appeared on the malware scene since the original variant was released in the wild.

Like its predecessors, the Repp virus is designed to corrupt essential system settings so that it can pass through several attack stages. As a consequence, the ransomware leaves all important files encrypted and renamed with the .repp extension. It then extorts a ransom fee for the decryption of the encrypted personal files. The extortion is carried out via a ransom message, which can be found in the text file _readme.txt.

In the beginning, the ransomware corrupts system settings in ways that help it evade detection and hide malicious files. Beware that when an infection with Repp ransomware occurs, some major registry keys like RUN and RUNONCE are contaminated. The reason is that values stored under these keys enable it to launch malicious files every time the infected system is started. The end of the attack takes place when a ransom message pops up on the screen to extort a ransom fee from victims.
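
To review the RUN and RUNONCE keys mentioned above without changing anything, the following PowerShell listing can be used. It is an added example, not part of the original guide. It assumes, as a general triage heuristic that the article does not state, that autostart entries pointing into user-writable folders or to files that cannot be found deserve a closer look.

```powershell
# Added example: read-only listing of Run / RunOnce autostart values.
$keys = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($sub in 'Run', 'RunOnce') {
        "$hive\Software\Microsoft\Windows\CurrentVersion\$sub"
        "$hive\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\$sub"
    }
}

# Assumption (not from the article): a target in a user-writable folder deserves review.
$writable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData, $env:PUBLIC) |
    Where-Object { $_ }

function Get-CommandTarget {
    param([string]$Command)
    # Pull the executable path out of an autostart command line.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|dll|bat|cmd|vbs|js|ps1|scr))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command   = [string]$regKey.GetValue($name)
        $target    = Get-CommandTarget $command
        # Bare names that Windows resolves through PATH are reported as NotFound here.
        $exists    = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
        $inUserDir = [bool]($writable | Where-Object {
            $target.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $command
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'NotFound' }
            Review    = $inUserDir -or -not $exists
        }
    }
}

# Entries marked for review are listed first; nothing is modified or deleted.
$report | Sort-Object Review -Descending | Format-List
```

The Review column is only a prompt for manual inspection: legitimate software also starts from these keys, so an entry should not be deleted on this flag alone.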

Threat Summary

Name: Repp
File Extension: .repp
Type: Ransomware, Cryptovirus
Short Description: The ransomware encrypts files on your computer system and demands a ransom to be paid to allegedly recover them.
Symptoms: The Repp STOP ransomware will encrypt your files by appending a malicious extension to them. Then it will demand a ransom fee for their recovery.
Ransom Demanding Note: _readme.txt
Ransom Fee: $490 – $980 in Bitcoin
Distribution Method: Spam Emails, Email Attachments

Repp Virus – More About the Infection Process

As explained above, the Repp virus is a data locker ransomware that belongs to one of the biggest ransomware families, STOP/Djvu. The name of this strain derives from the malicious extension .Repp that it appends to the files it encrypts. The same goes for the names of its recently discovered predecessors: Npsg virus, Btos virus, Zobm virus and Reha virus.

Techniques like spam emails, email attachments, hacked web pages, and corrupted freeware installers are likely to be utilized for the spread of the Repp ransomware virus. Since the malspam propagation technique enables hackers to spread their malicious code on a large scale, it is considered to be the main one. Malspam, or massive email spam campaigns that try to deliver malicious code, has recognizable traits. So how do you recognize an email that endangers the overall security of your PC and the data stored on its drives?

First: does the email have an attached file of a common type, or a link presented as a button, an image, a plain URL or another clickable form? If the answer is yes, avoid interacting with these elements. If you believe that you should view the content, scan the file or link with an online malware scanner like VirusTotal. The results will provide information about the security level of the content.

Among the most popular Windows file types that are used by malware are executable files, documents and other Microsoft Office files, application files, script files, PDFs, temporary files and others.

.repp File Extension

All initial malicious changes performed by the ransomware enable it to reach the encryption stage. During this stage, the ransomware launches a built-in cipher module to corrupt personal files. Specific folders are scanned for commonly used types of files, as they are likely to store valuable user data. Every time a target file is detected, its code is transformed via a strong cipher algorithm. As a result of encryption, corrupted files receive the malicious extension .repp.

Unfortunately, encrypted files remain inaccessible after encryption. The malicious file extension .Repp may appear at the end of document, music, project, database, image, video, backup, archive, and audio files.

In fact, the end goal of Repp ransomware is to blackmail its victims into paying a ransom fee to hackers who stand behind the attacks. A ransom note file called _readme.txt informs that the decryption of corrupted files can be realized after a payment of $490 – $980 ransom fee. The full content of this file can be seen below:

ATTENTION!

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-7YSRbcuaMa
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
helpmanager@firemail.cc

Reserve e-mail address to contact us:
helpmanager@iran.ir

Your personal ID:

We strongly advise against any contact with cybercriminals. The ransom payment isn’t a good option either. This step does not guarantee the recovery of your encrypted files. Oftentimes, hackers skip answering their victims, so you may get tricked once again.

At this point, STOP ransomware strains associated with .repp extension are not decryptable by Michael Gillespie or Emsisoft free decryption tools. However, as soon as we notice security researchers’ announcement about an update that supports the decryption of Repp STOP ransomware variants we will update this article with information on how to decrypt files for free.

How to Remove Repp Ransomware Virus

The so-called Repp ransomware virus is a threat with a highly complex code that disrupts system security in order to encrypt personal files. Hence, the infected system can be used in a secure manner again only after you remove all malicious files and objects created by the ransomware. The steps presented in the ransomware removal guide below will help you with the complete removal process. Beware that manual ransomware removal is suitable for more experienced computer users. If you don’t feel comfortable with the manual steps, navigate to the automatic part of the guide. It is also worth mentioning that personal data remains encrypted even after the complete removal of Repp ransomware. Its removal only prevents it from causing further encryption and security issues.

Step 5 from our Repp ransomware removal guide presents alternative data recovery methods that may be efficient for the recovery of encrypted files. Beware that you should make copies of all encrypted files and save them on a flash drive for example before the beginning of the recovery process.
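
The copy step described above can be scripted so that every encrypted file is collected in one pass and each copy is verified. This PowerShell function is an added example, not part of the original guide; the function name and its parameters are hypothetical, and the destination in the usage comment is a constructed path.

```powershell
# Added example: copy every .repp file under $Root to $Destination, keeping the
# folder layout, and write a manifest with SHA-256 hashes. Originals are not touched.
function Backup-EncryptedFiles {
    param(
        [Parameter(Mandatory)][string]$Root,         # assumption: folder tree to scan
        [Parameter(Mandatory)][string]$Destination   # assumption: folder on a removable drive
    )
    $rootFull = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    [void][System.IO.Directory]::CreateDirectory($Destination)
    $destFull = (Resolve-Path -LiteralPath $Destination).Path.TrimEnd('\')

    # Find encrypted files; skip the backup folder itself if it lies inside $Root.
    $files = Get-ChildItem -LiteralPath $rootFull -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.repp' -and
            -not $_.FullName.StartsWith("$destFull\", [StringComparison]::OrdinalIgnoreCase) }

    $manifest = foreach ($f in $files) {
        $relative = $f.FullName.Substring($rootFull.Length).TrimStart('\')
        $target   = Join-Path $destFull $relative
        [void][System.IO.Directory]::CreateDirectory([System.IO.Path]::GetDirectoryName($target))
        if (-not (Test-Path -LiteralPath $target)) {
            [System.IO.File]::Copy($f.FullName, $target)
        }
        $srcHash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        $dstHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
        [pscustomobject]@{
            Source        = $f.FullName
            Copy          = $target
            Bytes         = $f.Length
            LastWriteTime = $f.LastWriteTime   # rough indicator of when the file was changed
            SHA256        = $srcHash
            Verified      = ($srcHash -eq $dstHash)
        }
    }
    $manifest | Export-Csv -Path (Join-Path $destFull 'manifest.csv') -NoTypeInformation
    return $manifest
}

# Usage (constructed path):
# Backup-EncryptedFiles -Root $env:USERPROFILE -Destination 'E:\repp-backup' |
#     Where-Object { -not $_.Verified }
```

Any row with Verified set to False means the copy differs from the source and should be copied again before recovery attempts begin.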

Gergana Ivanova

Gergana has completed a bachelor's degree in Marketing from the University of National and World Economy. She has been with the STF team for four years, researching malware and reporting on the latest infections.

2 Comments

  1. Achille

    I was infected three days ago today.
    I tried your method to remove it, but I am running into a problem.
    In regedit I see only 4 entries on my machine:
    3 under C:\windows\system32\….exe
    1 under C:\program files\Hewlett-Parckard\HP Quick launch buttons \ QlbCtrl.exe/Stuart
    Now which of the 4 should I choose, especially since it is totally different from the example you gave?
    Please help me.

    1. Martin Beltov

      Hello Achille,

      If you are unsure whether or not a certain registry value is related to the virus, we recommend that you don’t edit and/or delete it. You can certainly try and see if this resolves any issues; however, we do recommend that you back up your system before doing so.
