Learn about Repl virus

What is repl?

Repl is identified as ransomware. Ransomware is a specific virus that encrypts your documents and then forces you to pay to restore them. Note that the DJVU ransomware family (also known as STOP) was first revealed and analyzed by virus analyst Michael Gillespie.

Repl is similar to the other ransomware in them: Maas, Zida, Pykw. Repl encodes all common file types. Therefore, users cannot open their documents. Repl adds its own .repl extension to all files. For example, the video file 'video.avi' will be changed to 'video.avi.repl'. As soon as the encoding is done successfully, Repl will issue a special file '_readme.txt' and add it to all directories containing the modified files.

This text requires payment to recover files via decryption key:

The encryption algorithm used by Repl is AES-256. Therefore, the files are encrypted with a specific decryption key, unique and no other copy. The sad fact is that it is not possible to recover information without this unique key.

In case if Repl works in online mode, you cannot have access to AES-256 key. It is hosted on a remote server owned by scammers who have distributed Repl virus.

To receive the decryption key, you need to pay the payment of $ 980 (over 22 million). In order to obtain payment details, victims are encouraged to text the contact via email (helpmanager@mail.ch) or via Telegram.

How to remove Repl virus

In addition to encrypting the victim's files, Repl also started to install Azorult Spyware on the computer to steal account login information, e-wallets, files on the desktop, etc.

There is no better way to identify, remove, and prevent ransomware than to use anti-malware program from GridinSoft.

Download removal tool: You can download GridinSoft Anti-Malware here.
Run the setup file.
1. Once the setup file has finished downloading, double-click the setup-antimalware-fix.exe file to install GridinSoft Anti-Malware on the system.

1. User Account Control will ask you whether or not you allow GridinSoft Anti-Malware to make changes to the device. So you should click Yes to continue the installation.
Click the Install button .

Once installed, Anti-Malware will automatically run.
Wait for the Anti-Malware scan to complete. GridinSoft Anti-Malware will automatically start scanning your PC to detect Repl infections and other malicious programs. This process can take 20-30 minutes, so you can take advantage of other work and periodically check the status of the scan.

Click the Clean Now button : When the scan is complete, you will see a list of infection viruses that GridinSoft Anti-Malware has detected. To remove them, click the Clean Now button in the right corner.

Recovery solution for .repl files

Try removing the .repl extension on some large files and opening them. It is possible that Repl has read and unencrypted the file, or it is corrupted and does not add a filemarker. If your files are very large (over 2GB), then the latter is most likely. Please let everyone know in the comments, if this helps you.

You can also download and try the following decryption tool: Decryptor for STOP Djvu.

Lesley Montoya

Update 16 July 2020

You should read it

May be interested

Rumors regarding the new Corona virus (2019-nCoV) and WHO answers
here are answers to questions about the new corona virus (2019-ncov) of who invite you to refer to better understand it, thereby taking the most effective preventive measures for yourself and your family.
How to fix when Facebook is infected with virus
facebook is infected with a virus that no user wants. with 9 basic steps in the following article of network administrator, you will be able to recover your facebook account and 'clean up' the obnoxious virus.
Multiple choice questions about computer viruses
in the following article, please join the network administrator to learn about computer viruses through the quiz below.
17 clear signs that your computer has been attacked by a virus
most users have the same opinion that they have installed anti-virus programs and software on their computers, so viruses can hardly attack their computers. however this is a wrong view. viruses are increasingly sophisticated, and they can invade and attack users' computers in many different ways.
Learn super viruses that are threatening the global industry
highly skilled hackers can use public information about code known as the stuxnet virus to develop attack variants in many industries.
Steps to root Win32 virus: Expiro
virus: win32 / expiro.gen is a quite dangerous virus that annoys users by affecting all executable files (.exe files). once virus virus: win32 / expiro.gen attacks your system, it can collect data on your computer and provide your computer access to unwanted users.
Virus attacks Mac OS X operating system
last week, security firm symantec warned of a virus that could spread on the mac os x platform. although the virus is not very dangerous, it raises a warning that there is no system. any action is not infected by the virus
Can the router be infected with a virus?
a router is just as susceptible to a virus as a computer. a common reason why the router becomes infected with a virus is that the owner forgot to change the default admin password.
What is Adrozek Virus? How to protect yourself from Adrozek virus
technically, adrozek is not a virus. it's a browser hijacker, also known as browser modifier. that means that the malware was installed on your computer without your knowledge.
What is the Bytefence virus? How to remove it?
the first thing to be clear: bytefence is not really a computer virus. it's actually an antivirus software distributed by a company of the same name, offering both free and paid products to consumers.