
SeginChile Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 9
First Seen: May 20, 2016
Last Seen: January 21, 2022
OS(es) Affected: Windows

The SeginChile Ransomware is an encryption ransomware Trojan used to target computer users located in Spanish-speaking countries. It is based on eda2, an open-source ransomware kit. Once the SeginChile Ransomware enters a computer, it uses the AES-256 algorithm to encrypt the victim's files and adds the extension '.the SeginChile' to every file it has encrypted. Apart from that, the SeginChile Ransomware changes the victim's desktop image and creates an HTML file named 'instrucciones.html' (Spanish for 'instructions') containing directions for the victim on paying the SeginChile Ransomware ransom and understanding what happened. Fortunately, the SeginChile Ransomware does not result in monetary loss, since it decrypts the victim's files immediately. The SeginChile Ransomware is being distributed by a group naming itself 'Seguridad Informática Chile,' which could be a threat research firm located in Chile if its title is to be trusted.

How the SeginChile Ransomware Attack Works

The SeginChile Ransomware's ransom note contains information about the attack. The SeginChile Ransomware is used to target computer users in Chile and other Spanish-speaking countries (although it is quite common for these threats to infect victims outside of their intended geographic location). The SeginChile Ransomware ransom note states that the victim's files were encrypted, and then, curiously enough, proceeds to decrypt the victim's files.

The SeginChile Ransomware Encrypts the Victim's Files… Then Decrypts Them Again?

In a puzzling turn of events, the SeginChile Ransomware does not demand a ransom. Since the main purpose of ransomware is to demand a ransom after the victim's files have been taken hostage (hence the name 'ransomware'), it is quite puzzling to come across the SeginChile Ransomware, which has all the characteristics of ransomware but does not demand payment. Malware analysts suspect that the SeginChile Ransomware is either being used for research or is an unfinished version of a ransomware threat that was released before it was complete. It is very probable that a future version of the SeginChile Ransomware (or a ransomware threat very similar to it) will demand payment of a ransom from the victim.

Recovering from a SeginChile Ransomware Infection

Since the SeginChile Ransomware does not demand payment of a ransom, simply following the instructions contained in the SeginChile Ransomware ransom note will help computer users decrypt their encrypted files. Fortunately, other than the irritation of having to go through the encryption and decryption process, and the unease of not knowing whether one's files are safe, the SeginChile Ransomware does not pose a serious threat to victims' files at this time.

Most encryption ransomware Trojans are very similar to each other. In general, even though there are differences in the severity of the attack and in the ransom notes themselves, the approach is identical: encryption ransomware infections encrypt the computer users' files and then ask them to pay a ransom in exchange for the decryption key. PC security analysts strongly advise computer users to avoid paying the ransom associated with these threats, since doing so allows con artists to continue to develop and distribute them.

To prevent these infections, malware analysts strongly advise computer users to avoid opening unsolicited email attachments or clicking on links embedded in unsolicited email messages. PC security analysts also advise computer users to avoid visiting file sharing networks and similar high-risk locations.

The Ransom Note Displayed by the SeginChile Ransomware

The following is the ransom note that the SeginChile Ransomware displays on the affected computer's Desktop:

Seguridad Informática Chile
Comunidad de Seguridad informática de Chile
TUS ARCHIVOS HAN SIDO CIFRADOS
Instrucciones
• Ingresar a hxxps://victima.hacking.cl
• Ingresar el identificador que se te ha proporcionado mas abajo
• Descargar el archivo para descifrar
• Se generara una clave de descifrado, debes ingresar esa clave en el archivo de descifrado
• IDENTIFICADOR:

The SeginChile Ransomware can encrypt the following types of files in its attack:

.asp, .aspx, .csv, .doc, .docx, .html, .jpg, .mdb, .odt, .pdf, .php, .png, .ppt, .pptx, .psd, .sln, .sql, .txt, .xls, .xlsx, .xml.
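As an added triage example (not code from this page, from the eda2 kit, or from the group behind the threat), the following Python script scans a directory for the two artifacts the page attributes to the SeginChile Ransomware, the appended extension and the 'instrucciones.html' note, and checks each renamed file's original extension against the list above. The directory tree it scans is constructed inline for the demonstration; the indicator strings are taken from this page.

```python
import os
import tempfile

# Indicators taken from this page's description of the SeginChile Ransomware.
SEGINCHILE_EXT = ".the SeginChile"  # extension the page says is appended to each file
RANSOM_NOTE = "instrucciones.html"  # HTML note dropped for the victim
TARGETED_EXTS = {
    ".asp", ".aspx", ".csv", ".doc", ".docx", ".html", ".jpg", ".mdb", ".odt",
    ".pdf", ".php", ".png", ".ppt", ".pptx", ".psd", ".sln", ".sql", ".txt",
    ".xls", ".xlsx", ".xml",
}

def triage(root):
    """Walk root; return renamed files as (path, original ext, in targeted list),
    the ransom notes found, and a verdict requiring both artifact types."""
    encrypted, notes = [], []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE:
                notes.append(path)
            elif name.endswith(SEGINCHILE_EXT):
                original = name[:-len(SEGINCHILE_EXT)]  # strip the appended extension
                orig_ext = os.path.splitext(original)[1].lower()
                encrypted.append((path, orig_ext, orig_ext in TARGETED_EXTS))
    return {"encrypted": encrypted, "notes": notes,
            "likely_infected": bool(encrypted) and bool(notes)}

def build_sample_tree():
    """Create a constructed directory tree that mimics an affected user folder."""
    root = tempfile.mkdtemp(prefix="seginchile_sample_")
    docs = os.path.join(root, "Documentos")
    os.makedirs(docs)
    for name in ("informe.docx" + SEGINCHILE_EXT,
                 "foto.jpg" + SEGINCHILE_EXT,
                 "datos.bin" + SEGINCHILE_EXT,  # .bin is not in the page's list
                 RANSOM_NOTE,
                 "sin_cifrar.txt"):            # untouched file, must be ignored
        with open(os.path.join(docs, name), "w", encoding="utf-8") as fh:
            fh.write("constructed sample content\n")
    return root

def demo():
    """Run the triage over the constructed tree and return its summary."""
    return triage(build_sample_tree())

if __name__ == "__main__":
    print(demo())
```

A file whose original extension is outside the page's list is still reported, but flagged as not targeted, so the verdict does not depend on the list being complete.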
