Bitcoin Forum
Author Topic: [Warning]:Kupidon ransomware  (Read 595 times)
Yaunfitda (OP)
June 06, 2020, 08:04:44 AM
Merited by OgNasty (2), DdmrDdmr (1), dkbit98 (1)
 #1

There is a new malware that everyone should be aware of; it is aptly named Kupidon. And what's more scary is that it is not just targeting corporations and businesses, but personal users, just like you and me. The mode of attack is what we have known all along: don't click or download anything that you see online.


Quote
Once the threat actors gain access, they manually encrypt the files on the victim's computers. When encrypting data, it will append the .kupidon extension to the file's name.

In each folder that a file is encrypted, the ransomware will also create a ransom note named '!KUPIDON_DECRYPT.TXT.'

Depending on whether the victim is a business or an individual, the ransom notes dropped will be slightly different and contain different ransom demands.

So the ransom asked depends on the victim: if it is a corporation, they will ask for $1200 or equivalent in BTC, and for a home user, as much as $300 or equivalent in BTC.

Sample note:


Source: https://www.bleepingcomputer.com/news/security/kupidon-is-the-latest-ransomware-targeting-your-data/

Scammers email address:
Code:
ann4.orlova.892@yandex.ru

Although there has been a decryptor before, we really don't know if it is effective, as this malware could be a new variant.

https://malware-guide.com/blog/how-to-remove-kupidon-file-virus-and-restore-infected-data
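
A triage sketch for the two indicators quoted in the opening post (the .kupidon extension and the !KUPIDON_DECRYPT.TXT note), added here as an example and not part of the original thread. It maps which folders were hit and estimates when encryption began, which helps pick a backup taken before that point; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

ENCRYPTED_EXT = ".kupidon"            # extension named in the quoted article
RANSOM_NOTE = "!KUPIDON_DECRYPT.TXT"  # note name from the quoted article


def scan_tree(root):
    """Walk root and group Kupidon indicators by directory."""
    report = defaultdict(lambda: {"note": False, "encrypted": [], "intact": 0})
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            entry = report[dirpath]
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered == RANSOM_NOTE.lower():
                entry["note"] = True
            elif lowered.endswith(ENCRYPTED_EXT):
                entry["encrypted"].append(os.path.join(dirpath, name))
            else:
                entry["intact"] += 1
    # Keep only directories that show at least one indicator.
    return {d: e for d, e in report.items() if e["note"] or e["encrypted"]}


def summarize(report):
    """Totals, half-encrypted folders, and earliest mtime of an encrypted file."""
    mtimes = []
    for entry in report.values():
        for path in entry["encrypted"]:
            try:
                mtimes.append(os.stat(path).st_mtime)
            except OSError:
                continue  # file vanished or is unreadable
    first = min(mtimes) if mtimes else None
    return {
        "directories_hit": len(report),
        "encrypted_files": sum(len(e["encrypted"]) for e in report.values()),
        "notes_found": sum(1 for e in report.values() if e["note"]),
        # Folders holding both encrypted and unencrypted files.
        "partially_encrypted": sorted(
            d for d, e in report.items() if e["encrypted"] and e["intact"]),
        # Assumption: encryption rewrote each file, so mtime approximates its start.
        "first_encrypted_utc": None if first is None else
            datetime.fromtimestamp(first, timezone.utc).isoformat(),
    }


def build_sample(root):
    """Constructed sample tree: one affected folder, one clean folder."""
    os.makedirs(os.path.join(root, "Documents"))
    os.makedirs(os.path.join(root, "Pictures"))
    for rel in ("Documents/report.docx.kupidon", "Documents/Budget.XLSX.KUPIDON",
                "Documents/!KUPIDON_DECRYPT.TXT", "Documents/untouched.pdf", "Pictures/cat.jpg"):
        with open(os.path.join(root, *rel.split("/")), "w") as handle:
            handle.write("constructed sample\n")
    return os.path.join(root, "Documents")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(summarize(scan_tree(tmp)))
```

Run it against a mounted copy or image of the affected disk rather than the live system, so the scan itself does not alter timestamps or files.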

CucakRowo
June 06, 2020, 08:58:52 AM
 #2

This is why regular backups are absolutely necessary, especially for files that you consider important. Regular backups can be done every 2 weeks. The more often, the better. Additional information for Kupidon ransomware: Remove Kupidon Virus (+Decrypt .kupidon files) – Kupidon Ransomware.

Note: Since I don't have any trouble with Kupidon on my PC, I haven't tried those solutions (nor the software mentioned in the above article).


Jating
June 06, 2020, 01:21:46 PM
 #3

Quote
This is why regular backups are absolutely necessary, especially for files that you consider important. Regular backups can be done every 2 weeks. The more often, the better. Additional information for Kupidon ransomware: Remove Kupidon Virus (+Decrypt .kupidon files) – Kupidon Ransomware.

Note: Since I don't have any trouble with Kupidon on my PC, I haven't tried those solutions (nor the software mentioned in the above article).


Yes, probably practice safety by backing up your files. Malware/ransomware is growing every day and it's really sad to see that those scammers are using bitcoin as a method to extract ransom from their victims.

I have a Windows-based machine, but recently I have been trying to exploit a Unix flavor for safety purposes. Just a couple of days ago, I was able to create a Linux Mint system. I'm still playing with it and will probably move away from Windows-based OSes, especially if I deal with my crypto.
UserU
June 06, 2020, 03:26:16 PM
 #4

Quote
Yes, probably practice safety by backing up your files. Malware/ransomware is growing every day and it's really sad to see that those scammers are using bitcoin as a method to extract ransom from their victims.

I have a Windows-based machine, but recently I have been trying to exploit a Unix flavor for safety purposes. Just a couple of days ago, I was able to create a Linux Mint system. I'm still playing with it and will probably move away from Windows-based OSes, especially if I deal with my crypto.

It's not about avoiding Windows just to avoid ransomware.

If a human has some common sense, he/she would avoid opening those suspicious-looking files from emails or shady sites.

jossiel
June 06, 2020, 07:55:46 PM
 #5

Another ransomware and the key to avoiding this is by doing this.

Quote
don't click or download anything that you see online.

A practice of deleting or ignoring emails that have nothing to do with you or your work can also help.

I have seen the same problem in other forums but for another ransomware and it's the important files of a company. This is very threatening and interrupting for businesses and even to individuals who have important files saved on their computers.

The way I use the computer, I'm becoming more cautious and careful and feeling tense because it's getting slower but as long as there's no infection, I'm fine.


Harlot
June 06, 2020, 08:14:43 PM
 #6

The ransomware is unique: based on the article provided, it doesn't require any kind of user error to penetrate the system, as the ransomware is able to control your PC if you are connected somehow to a remote desktop server, which I don't think a lot of people have. But just like what the bleepingcomputer article said, they still don't have a lot of information to go on about how or why these people are getting it, so maybe not messing around with websites as well as emails is still a must until we find out how this ransomware is able to get into PCs.
khaled0111
June 06, 2020, 10:05:26 PM
 #7

It doesn't look like the usual ransomware, as encrypting files has to be done manually.
I suspect the attacker is exploiting a 0-day vulnerability to gain access to the victim machine and then encrypt the files.
Also, if he is attacking random victims then he has to explore the content of the victim's computer to know whether it's a professional computer or a personal one.

I agree with CucakRowo that backing up your files regularly is the best/cheapest practice to protect your data.

jademaxsuy
June 07, 2020, 12:43:21 AM
 #8

Many experienced people always give advice to those who don't have knowledge about the ransomware that a person makes. So my advice would be the same, that is to "Think before you click and think before you download" when you have something to download, and make sure it's from the right source.
Jating
June 08, 2020, 08:46:21 AM
 #9

Quote
The ransomware is unique: based on the article provided, it doesn't require any kind of user error to penetrate the system, as the ransomware is able to control your PC if you are connected somehow to a remote desktop server, which I don't think a lot of people have. But just like what the bleepingcomputer article said, they still don't have a lot of information to go on about how or why these people are getting it, so maybe not messing around with websites as well as emails is still a must until we find out how this ransomware is able to get into PCs.

I think we may have forgotten the biggest contributor, besides phishing email, to the spread of malware/ransomware in recent years, not just Kupidon: "Downloading torrent files". There are literally millions being downloaded every day, and the majority of those files have some malicious intent. That's why people should stay away from it, especially crypto enthusiasts, as you might one day be affected by ransomware.
joniboini
June 08, 2020, 09:13:55 AM
 #10

Quote
I think we may have forgotten the biggest contributor, besides phishing email, to the spread of malware/ransomware in recent years, not just Kupidon: "Downloading torrent files". There are literally millions being downloaded every day, and the majority of those files have some malicious intent. That's why people should stay away from it, especially crypto enthusiasts, as you might one day be affected by ransomware.

As long as you do a virus scan or something like that before you open any file from the internet, it should be fine. At least, more malware is spread through e-mail spam than file downloads (except where user interaction is not needed, such as a web page that stealthily sends a virus package when you open it) according to these stats [1]. Here's a general overview of the ransomware space. Hopefully this Kupidon won't cause much damage [2].

[1] https://brandongaille.com/wp-content/uploads/2013/10/Computer-Virus-Statistics-and-Top-Countries-Impacted.jpg
[2] https://www.comparitech.com/antivirus/ransomware-statistics/

CryptoYar
June 08, 2020, 01:21:07 PM
 #11

Quote
Yes, probably practice safety by backing up your files. Malware/ransomware is growing every day and it's really sad to see that those scammers are using bitcoin as a method to extract ransom from their victims.

I have a Windows-based machine, but recently I have been trying to exploit a Unix flavor for safety purposes. Just a couple of days ago, I was able to create a Linux Mint system. I'm still playing with it and will probably move away from Windows-based OSes, especially if I deal with my crypto.

It's not about avoiding Windows just to avoid ransomware.

If a human has some common sense, he/she would avoid opening those suspicious-looking files from emails or shady sites.

Agree. The issue is not about Windows-based OS at all, it is the issue of the user that they need to take precautions.
This year is the year of viruses, for humans COVID-19, and malware/ransomware for computers.
UserU
June 08, 2020, 04:25:58 PM
 #12

Quote
Agree. The issue is not about Windows-based OS at all, it is the issue of the user that they need to take precautions.
This year is the year of viruses, for humans COVID-19, and malware/ransomware for computers.

COVID-19 > All worms/viruses/Trojans/malware out there in existence :D

Harlot
June 09, 2020, 04:06:57 PM
 #13

Quote
The ransomware is unique: based on the article provided, it doesn't require any kind of user error to penetrate the system, as the ransomware is able to control your PC if you are connected somehow to a remote desktop server, which I don't think a lot of people have. But just like what the bleepingcomputer article said, they still don't have a lot of information to go on about how or why these people are getting it, so maybe not messing around with websites as well as emails is still a must until we find out how this ransomware is able to get into PCs.

I think we may have forgotten the biggest contributor, besides phishing email, to the spread of malware/ransomware in recent years, not just Kupidon: "Downloading torrent files". There are literally millions being downloaded every day, and the majority of those files have some malicious intent. That's why people should stay away from it, especially crypto enthusiasts, as you might one day be affected by ransomware.

According to the bleepingcomputer article, its origin is still unknown and their biggest guess is that it is coming from remote desktop servers, so there are no downloads required or emails needed to be clicked in order to get the malware. The hacker just needs to access your PC through these remote servers in order to infiltrate your computer with the malware. Like I said, this kind of ransomware is unique since it doesn't require the user to make any kind of error on his side, like visiting websites, clicking emails, or even downloading torrent files.
StonerStanley
June 09, 2020, 04:55:38 PM
Last edit: June 14, 2020, 05:35:56 PM by StonerStanley
Merited by DdmrDdmr (2), vapourminer (1)
 #14

Quote
The ransomware is unique: based on the article provided, it doesn't require any kind of user error to penetrate the system, as the ransomware is able to control your PC if you are connected somehow to a remote desktop server, which I don't think a lot of people have. But just like what the bleepingcomputer article said, they still don't have a lot of information to go on about how or why these people are getting it, so maybe not messing around with websites as well as emails is still a must until we find out how this ransomware is able to get into PCs.

I think we may have forgotten the biggest contributor, besides phishing email, to the spread of malware/ransomware in recent years, not just Kupidon: "Downloading torrent files". There are literally millions being downloaded every day, and the majority of those files have some malicious intent. That's why people should stay away from it, especially crypto enthusiasts, as you might one day be affected by ransomware.

According to the bleepingcomputer article, its origin is still unknown and their biggest guess is that it is coming from remote desktop servers, so there are no downloads required or emails needed to be clicked in order to get the malware. The hacker just needs to access your PC through these remote servers in order to infiltrate your computer with the malware. Like I said, this kind of ransomware is unique since it doesn't require the user to make any kind of error on his side, like visiting websites, clicking emails, or even downloading torrent files.

It doesn't come from remote desktop servers, it infects your exposed remote desktop servers, which is not the same.

It does require a vulnerability in a remote desktop server application installed on your computer, so it also requires you to have a port opened (+ a vulnerability). Otherwise a download is required to get this malware on your computer. A download and an execution (and since you can download and execute files through a remote desktop application, if there is a vulnerability in your application someone can take advantage of it).

Malware that requires you to visit a website to be infected (by using a remote code execution vulnerability) is far more dangerous than this kind of old stuff. This malware is new but what it does is not, and it is not as sophisticated as a remote code execution vulnerability in your web browser (which can be used to infect millions of people even if they don't have any port opened).

You can sleep peacefully if you don't have a remote desktop server with your bitcoin on it :)

Quote
Yes, probably practice safety by backing up your files. Malware/ransomware is growing every day and it's really sad to see that those scammers are using bitcoin as a method to extract ransom from their victims.

I have a Windows-based machine, but recently I have been trying to exploit a Unix flavor for safety purposes. Just a couple of days ago, I was able to create a Linux Mint system. I'm still playing with it and will probably move away from Windows-based OSes, especially if I deal with my crypto.

You are not protected under Linux if you don't know how to protect yourself using it.
People think that there is no malware under Linux but they are wrong; most malware is made for Windows because there are more Windows users. If you don't want to learn a bit of security, then whether you use Linux or Mac or Windows, you must be careful of what you download over the internet.