Remove Reyptson Ransomware | Updated

CERT-LatestNews Security News ThreatsCybercrime Uncategorized

I wrote this article to help you remove Reyptson Ransomware. This Reyptson Ransomware removal guide works for all Windows versions.

Reyptson is a ransomware infection and like all parasites of this kind, it follows a pretty standard pattern. First, it invades your PC behind your back. How? With tricks, of course. No one would intentionally download such a harmful pest on their machine. That’s why crooks rely on trickery and deceit to distribute their product. One of the most commonly used methods is spam email messages. Hackers disguise the ransomware executable as a legitimate file (a job application, a shipping invoice) and send it directly to your regular inbox. Then, you do the rest.

If you click on the attachment, the ransomware gets downloaded and installed on your machine. Proceed with caution when you receive an email from unknown senders. Usually, such messages are corrupted and attempt to spread infections. Also, stay away from unverified download sources and shady pages. Be extra careful when installing updates or programs. Always read the Term and Conditions and don’t rush to agree to anything. What hackers pray the most for is victims` carelessness and distractions. Without them, none of the distribution techniques would work. Do your due diligence and keep your machine safe.

Entering was the first step, next is encryption. Once on board, Reyptson doesn’t waste time. It uses the AES-128 encryption algorithm to lock all of your files. We are talking pictures, music, videos, MS Office documents, work-related data, etc. All of this falls victim to the pest. The infection also adds the “.Reyptson” file extension to each encrypted file to solidify its hold over your data. Seeing your files renamed like this means that you no longer have access to any of them. You cannot open them, or view them, or anything. All you see is their empty, renamed icons but they are unusable. Trying to change their names back or move them into another folder does nothing. They need to be decrypted. This is when Reyptson drops its ransom note – “Como_Recuperar_Tus_Ficheros.txt” – which you can find in every folder, containing locked data as well as on your desktop.

Remove Reyptson Ransomware

The Reyptson Ransomware

The message itself is in Spanish but it is pretty standard. The crooks say that the only way of getting your files back is by purchasing a special decryptor which costs $200. They promise that once you pay, they will send you the tool. The question is can you trust cybercriminals to keep their word. No! You cannot. The chances are they will take your money and not send you the decryptor at all. Or, they may send you a tool which doesn’t work properly. And what is your best case scenario here? Pay the sum, get the decryptor and unlock your data. Keep in mind that even if this happens, you still lose.

You may be able to free your files from the encryption but the decryptor only goes that far. It doesn’t remove the ransomware itself. Reyptson remains intact on your PC ready to send you back to square one. Are you going to pay again? Of course, not. You should pay at all, actually. Paying guarantees you nothing. In fact, it only helps crooks expand their business with your money. And, by using your PC to make the transaction, you are exposing your personally identifiable and financial credentials as well. It is not worth it.

Forget about paying. Instead, use our removal guide down below and remove Reyptson manually. Then, once your PC is free, unlock your files. Moreover, now that you see how dangerous ransomware can be, protect your data in advance in case of another infection. Keep backups of your most important files. Also, download a good anti-malware program to help you. Keep it updated and regularly scan your computer for intruders.

Method 1: Restore your encrypted files using ShadowExplorer
Usually, Reyptson Ransomware deletes all shadow copies, stored in your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.

  1. Download ShadowExplorer from this link:
  2. Install ShadowExplorer
  3. Open ShadowExplorer and select C: drive on the left panel


  4. Choose at least a month ago date from the date field
  5. Navigate to the folder with encrypted files
  6. Right-click on the encrypted file
  7. Select “Export” and choose a destination for the original file

Method 2: Restore your encrypted files by using System Restore

  1. Go to Start –> All programs –> Accessories –> System tools –> System restore
  2. Click “Next

    system restore

  3. Choose a restore point, at least a month ago
  4. Click “Next
  5. Choose Disk C: (should be selected by default)
  6. Click “Next“. Wait for a few minutes and the restore should be done.

Method 3: Restore your files using File Recovery Software
If none of the above method works, you should try to recover encrypted files by using File Recovery Software. Since Reyptson Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original, using a File Recovery Software. Here are a few free File Recovery Software programs:

  1. Recuva
  2. Puran File Recovery
  3. Disk Drill
  4. Glary Undelete

Remove Reyptson Ransomware | Updated