The latest ransomware: Kupidon ransomware


The latest ransomware called Kupidon has been discovered by MalwareHunterTeam. The virus targets both personal and corporate networks to steal data from users, through exposed remote desktop servers. The research team identified this ransomware after being uploaded to ID-Ransomware. The ID-Ransomware is a free website that helps victims identify what ransomware may have encrypted their files. Based on the victim’s uploaded information, the team can only provide the general information about the ransomware.

Once the virus accesses the victim’s data, it encrypts the files and it will appear the .kupidon extension to the file’s name. Along with the encrypted file, the hacker leaves a ransom note named ‘!KUPIDON_DECRYPT.TXT.’ and depending on the victim’s personal and company’s PCs, it has slight differences in the note.

If the victim agreed to pay the ransom, the hacker sends a decryptor tool to access the files. However, the Kupidon ransomware is the latest one, BleepingComputer has not confirmed yet if this will recover victim’s files.

Below is the screenshot of the Kupidon Virus Decryptor tool.


Kupidon Virus Decryptor tool

Kupidon Ransom Notes Example

All your files have been encrypted with Kupidon Virus.

Your unique id: xxxx

As a private person you can buy decryption for 300$ in Bitcoins.

But before you pay, you can make sure that we can really decrypt any of your files.

The encryption key and ID are unique to your computer, so you are guaranteed to be able to return your files.

To do this:

1) Download and install Tor Browser ( )

2) Open the http://oc3g3q5tznpubyasjgliqyykhxdfaqge4vciegjaapjchwtgz4apt6qd.onion/ web page in the Tor Browser and follow the instructions.


The Kupidon ransomware is spread via phishing emails with the malicious link or attachments. Once the victim clicks on the malicious link, the malicious code is executed and it will get into the user’s system and files. Hence, your computer gets infected by the Kupidon ransomware. It also opens a port to other types of viruses as well. In addition, the Kupindo ransomware was also observed attacking victims in another way. The other way when the program is installed on the computer or the operating system itself, attackers exploit vulnerabilities and infect them with the ransomware. Some common exploited software are browsers, Microsoft Office and third-party applications.

As the Kupidon ransomware is the latest ransomware and it still needs to do more research, people cannot take the risk of getting infected by the ransomware.

Contact LIFARS Immediately If Your Organization Was Hit With A Ransomware