Reyptson Ransomware Removal Guide. Recover .REYPTSON Files

Reyptson is the name given to a ransomware that encrypts sensitive files and locks PC screen with a crafted message. In a case of infection Reytpson ransomware virus appends a file extension of the same name to all corrupted files and limits the access to them. Then it drops a ransom message file to instruct victims how to pay the ransom and decrypt .REYPTSON files. This article aims to help victims with Reyptson ransomware removal and .REYPTSON data recovery.

Manual Removal Guide
Recover .REYPTSON Files
Skip all steps and download anti-malware tool that will safely scan and clean your PC.

DOWNLOAD Reyptson Removal Tool

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

Reyptson Ransomware – Dissemination Details

At this point, it seems that Reyptson Ransomware attacks Spanish-speaking users. However, it is likely that its authors will spread it globally soon. Reyptson Ransomware attack campaigns are likely to distribute its payloads via spam emails. That emails usually pose as legitimate services or even acquaintances attempting to trick users into interacting with an attached file or clicking a deceptive link. File attachments that disseminate ransomware infections are crafted by hackers. They may be PDF files that contain malicious JavaScript code, documents with malicious macros, and other files that contain code that can exploit system vulnerabilities once it is opened on the PC. Deceptive links, on the other hand, may redirect you to a web page that will unnoticeably download Reyptson payloads on the system.

One of the first attack campaigns of Reyptson Ransomware follows the stream:

    1. A crafted email delivers fake details about an invoice and provides a download button for the invoice.
    2. Once the button is clicked, a RAR file is downloaded on the PC.
    3. The RAR contains the malicious Reyptson Ransomware payload so after it is opened the infection process is triggered as well.
    4. While Reyptson Ransomware is encrypting data it distracts user’s attention by displaying a fake PDF document with a Windows notification window pop up. The pop up states that the PDF file could not be opened because its file type is not supported or it is corrupted.
    5. Upon infection, Reyptson ransomware collects SMTP (Simple Mail Transfer Protocol) credentials and sends the same fake invoice email to every Thunderbird contact. So it is self-replicating via email and acts like a worm which makes it a very dangerous threat.

Read Also: Microsoft Warning Alert Pop-up Virus

Reyptson Ransomware Virus – Infection Flow

First, Reyptson crypto virus executes a malicious file Reyptson.exe that is designed to initiate the infection flow. In order to carry out successful infection, the ransomware drops several other malicious files. That files are situated in the following Windows folders:


Data encryption is the top priority of Reyptson ransomware virus. The threat uses AES-128 cipher algorithm to modify the original code of target files. Afterward, it renames them and appends the malicious extension .REYPTSON at the end of the name.

The threat targets documents such as PDFs, text files, docs, and other files frequently used files that contain valuable information – images, videos, music, projects, archives, databases, etc. Eventually, only JPG files, as well as all essential system files, are likely to remain untouched by Reyptson ransomware.

Some of the malicious files associated with Reyptson ransomware virus are designed to modify Windows registry entries. Modifications of certain key values allow the ransomware to lower internet security settings, display its ransom note on the PC screen and set up automatic execution of malicious once the Windows is started.

By adding specific values to the registry key, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Reyptson opens a pop-up window on the PC screen. The Reyptson Ransomware pop up cannot be closed as long as the infection is running on the computer. All it reads is written in Spanish:

Accede a este sitio web: xxxxs://…..
En el tienes las instrucciones para recuperar tus ficheros y un soporte con el que
podrás contactarnos para recibir asistencia técnica.
Si no puedes acceder puedes entrar bajandote un navegador llamado tor de:
Y entrando a: xxxx://37z2akkbd3vqphw5.omon/7usuario….
Para poder descifrar tus ficheros tendrás que pagar 200€ pero si te retrasas mas
de 72H tendrás que pagar 500€

Reyptson ransomware pop up desktop lock wallpaper message bestsecuritysearch

With the help of translation service it becomes clear that what is said on Reyptson Ransomware pop up in English reads:

Access this website: xxxxs: // …..
In it you have the instructions to recover your files and a support with which
You can contact us for technical assistance.
If you can not log in you can enter a browser called tor from:
And entering: xxxx: //37z2akkbd3vqphw5.omon/7user ….
In order to decrypt your files you will have to pay 200 € but if you delay more
From 72H you will have to pay € 500

In another text file Como_Recuperar_Tus_Ficheros.txt dropped by Reyptson ransomware hackers leave second ransom message again in Spanish:

Como recuperar tus ficheros del cifrador Reyptson

Tienes toda la información en esta web:
Si no puedes entrar descarga el navegador tor desde:
y entra a: xxxx://37z2akkbd3vqphw5.onion/?usuario=4406091797&pass=3411
Para poder descifrar tus ficheros tendras que pagar 200€
pero si te retrasas mas de 72H tendras que pagar 500€
Tus datos de acceso son:
Usuario: 4406091797
Contraseña: 3411

Its English version reads:

How to recover your files from the Reyptson cipher

You have all the information in this web:
Xxxxs: // Username = 4406091797 & pass = 3411
If you can not log in, download the tor browser from:
Xxxxs: //
And go to: xxxx: //37z2akkbd3vqphw5.onion/? User = 4406091797 & pass = 3411
In order to decrypt your files you will have to pay € 200
But if you delay more than 72H you will have to pay € 500
Your login details are:
User: 4406091797
Password: 3411

Reyptson drops the second ransom message in each folder that contains encrypted file. And as it becomes clear hackers demand € 200 ransom until the dead line of 72 hours expires when the ransom increase up to € 500. Tor web addresses provided by hackers are currently active:


No matter what the sum is, it is always better to avoid ransom payment before you try to cope with the problem by yourself or with the help of security specialist.

The good news is that as it appears Reyptson ransomware does not delete Shadow Volume Copies. Thus .REYPTSON files may be recovered by using System Restore Point. All .REYPTSON data recovery steps via this method can be found in the removal instructions below. If some files remain encrypted after the process you may try to recover .REYPTSON files via the other suggested alternative methods.

Remove Reyptson Ransomware Virus and Restore Data

WARNING! Manual removal of Reyptson Ransomware Virus requires being familiar with system files and registries. Removing important data accidentally can lead to permanent system damage. If you don’t feel comfortable with manual instructions, download a powerful anti-malware tool that will scan your system for malware and clean it safely for you.

DOWNLOAD Anti-Malware Tool

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

Reyptson Ransomware Virus – Manual Removal Steps

Start the PC in Safe Mode with Network

This will isolate all files and objects created by the ransomware so they will be removed efficiently. The steps bellow are applicable to all Windows versions.

1. Hit the WIN Key + R

2. A Run window will appear. In it, write msconfig and then press Enter

3. A Configuration box shall appear. In it Choose the tab named Boot

4. Mark Safe Boot option and then go to Network under it to tick it too

5. Apply -> OK

Show Hidden Files

Some ransomware threats are designed to hide their malicious files in the Windows so all files stored on the system should be visible.

1. Open My Computer/This PC

2. Windows 7

    – Click on Organize button
    – Select Folder and search options
    – Select the View tab
    – Go under Hidden files and folders and mark Show hidden files and folders option

3. Windows 8/ 10

    – Open View tab
    – Mark Hidden items option

how to make hidden files visible in Windows 8 10 bestsecuritysearch instructions

4. Click Apply and then OK button

Enter Windows Task Manager and Stop Malicious Processes

1. Hit the following key combination: CTRL+SHIFT+ESC

2. Get over to Processes

3. When you find suspicious process right click on it and select Open File Location

4. Go back to Task Manager and end the malicious process. Right click on it again and choose End Process

5. Next, you should go folder where the malicious file is located and delete it

Repair Windows Registry

1. Again type simultaneously the WIN Key + R key combination

2. In the box, write regedit and hit Enter

3. Type the CTRL+ F and then write the malicious name in the search type field to locate the malicious executable

4. In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys

Click for more information about Windows Registry and further repair help

Recover .REYPTSON Files

WARNING! All files and objects associated with Reyptson ransomware should be removed from the infected PC before any data recovery attempts. Otherwise the virus may encrypt restored files. Furthermore, a backup of all encrypted files stored on external media is highly recommendable.

DOWNLOAD Malki Virus Removal Tool

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

1. Use present backups

2. Use professional data recovery software

Stellar Phoenix Data Recovery – a specialist tool that can restore partitions, data, documents, photos, and 300 more file types lost during various types of incidents and corruption.

3. Using System Restore Point

    – Hit WIN Key
    – Select “Open System Restore” and follow the steps


4. Restore your personal files using File History

    – Hit WIN Key
    – Type restore your files in the search box
    – Select Restore your files with File History
    – Choose a folder or type the name of the file in the search bar
    – Hit the “Restore” button

Preventive Security Measures

  • Enable and properly configure your Firewall.
  • Install and maintain reliable anti-malware software.
  • Secure your web browser.
  • Check regularly for available software updates and apply them.
  • Disable macros in Office documents.
  • Use strong passwords.
  • Don’t open attachments or click on links unless you’re certain they’re safe.
  • Backup regularly your data.
  • Was this content helpful?

    Author : Gergana Ivanova

    Gergana Ivanova is a computer security enthusiast who enjoys presenting the latest issues related to cyber security. By doing thorough researches and sharing them on BestSecuritySearch, she hopes that more victims of malware infections will be able to secure their corrupted computer systems properly and eventually recover lost files.

    Related Posts

    Leave a Reply

    Your email address will not be published. Required fields are marked *