Kupidon Kupidon is a cryptovirus of the ransomware class that cybercriminals use to blackmail web users for money. The way Kupidon attacks the computer is through encryption which locks the victims\u2019 files and makes them inaccessible so that a ransom can be demanded for them. Ransomware infections are quite common tools for money extortion but what is worse is that their attack may result in the loss of very valuable information. The aim of ransomware threats like Kupidon and ColdLock is to encrypt the files that are stored on the infected computer so that the hackers can later blackmail the victims to pay a ransom for a decryption key. This criminal scheme is very simple and straightforward. Typically, a specially generated notification informs the users about the attack by getting displayed right on their screen or inside the folders that contain encrypted files. In this notification, the crooks behind the ransomware usually place their ransom demands and set an ultimatum, after which, if no payment is made, the victims are never to receive a decryption key. Of course, if you don\u2019t want to send money to some anonymous online crooks, you can always decide to disregard the ransom demand notification, remove the virus from your computer and seek alternative methods to restore your files. Things are even easier if the files that have been encrypted hold no value to you or you have backups of them on an external storage from where you can recover them. The main problem comes if the encrypted information is really important and you have no backups of it. In this case, you still have to remove Kupidon but you may also have to carefully consider all the available file-recovery solutions in order to minimize the loss of data that cannot be accessed anymore. The Kupidon virus The Kupidon virus is a malicious piece of ransomware that secretly applies advanced encryption to user files. After doing so, the Kupidon virus asks the victims to make a ransom payment in order to obtain a file-decryption key. The fearful ransom message that Kupidon displays manages to set in panic most of the victims and some of them quickly agree to pay the ransom out of fear. Professional ransomware researchers and security specialists, however, recommend that the victims of ransomware should not make impulsive decisions. Instead, they should take some time to find out about possible solutions to the attack rather than instantly giving the demanded money to the hackers. Moreover, there is no guarantee that after the victims pay the ransom that the hackers require, they will really receive a decryption key from them. In case the crooks decide to vanish with the money, no one can stop them and, what is worse, there will be no refund. This is why it is better to leave this option as your last resort and first investigate some other approaches towards restoring your data and deleting the ransomware virus. The .Kupidon file encryption The .Kupidon file encryption is a process that hackers use to restrict access to user data through a sophisticated encryption algorithm. The .Kupidon file encryption process makes the targeted files inaccessible so that only a specially generated decryption key can access them. If you don\u2019t have a decryption key or don\u2019t want to pay ransom for one, the tips in our guide below may help you get back some of the encrypted information for free. First, however, don\u2019t forget to remove Kupidon from your computer; otherwise, the restored files may get encrypted by this ransomware again. SUMMARY: Name Kupidon Type Ransomware Danger Level High (Ransomware is by far the worst threat you can encounter) Symptoms Very few and unnoticeable ones before the ransom notification comes up. Distribution Method From fake ads and fake system requests to spam emails and contagious web pages. Data Recovery Tool Not Available Detection Tool Remove Kupidon Ransomware Some of the steps will likely require you to exit the page. Bookmark it for later reference. Reboot in Safe Mode (use this guide if you don't know how to do it). WARNING! READ CAREFULLY BEFORE PROCEEDING! Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner: After you open their folder, end the processes that are infected, then delete their folders. Note: If you are sure something is part of the infection - delete it, even if the scanner doesn't flag it. No anti-virus program can detect all infections. Hold the Start Key and R - copy + paste the following and click OK: notepad %windir%\/system32\/Drivers\/etc\/hosts A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below: If there are suspicious IPs below "Localhost" - write to us in the comments. Type msconfig in the search field and hit enter. A window will pop-up: Go in Startup ---> Uncheck entries that have "Unknown" as Manufacturer. \tPlease note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate. Type Regedit in the windows search field and press Enter. Once inside, press CTRL and F together and type the virus's Name. Search for the ransomware in your registries and delete the entries. Be extremely careful - you can damage your system if you delete entries not related to the ransomware. Type each of the following in the Windows Search Field: \t%AppData% \t%LocalAppData% \t%ProgramData% \t%WinDir% \t%Temp% Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble! How to Decrypt Kupidon files We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here. If the guide doesn't help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!