SeginChile Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 9
First Seen: May 20, 2016
Last Seen: January 21, 2022
OS(es) Affected: Windows
The SeginChile Ransomware is an encryption ransomware Trojan used to target computer users in Spanish-speaking countries. It is based on eda2, an open-source ransomware kit. Once the SeginChile Ransomware enters a computer, it uses an AES-256 algorithm to encrypt the victim's files and adds the extension '.the SeginChile' to every file it encrypts. It also changes the victim's desktop image and creates an HTML file named 'instrucciones.html' (Spanish for 'instructions') that explains what happened and gives directions for paying the ransom. Fortunately, the SeginChile Ransomware does not result in monetary loss, since it decrypts the victim's files immediately. The SeginChile Ransomware is distributed by a group calling itself 'Seguridad Informática Chile,' which could be a threat research firm located in Chile if its name is to be trusted.
How the SeginChile Ransomware Attack Works
The SeginChile Ransomware's ransom note contains information about the attack. The SeginChile Ransomware is used to target computer users in Chile and other Spanish-speaking countries, although it is quite common for these threats to infect victims outside of their intended geographic location. The ransom note states that the victim's files were encrypted and then, curiously enough, proceeds to decrypt them.
The SeginChile Ransomware Encrypts the Victims' Files… Then Decrypts Them Again?
In a puzzling turn of events, the SeginChile Ransomware does not demand a ransom. The main purpose of ransomware is to demand payment after the victim's files have been taken hostage (hence the name 'ransomware'), so it is unusual to come across a threat that has all the characteristics of ransomware but asks for nothing. Malware analysts suspect that the SeginChile Ransomware is either used for research or is an unfinished version of a ransomware threat that was released before it was complete. It is very probable that a future version of the SeginChile Ransomware (or a very similar ransomware threat) will demand payment of a ransom from the victim.
Recovering from a SeginChile Ransomware Infection
Since the SeginChile Ransomware does not demand payment of a ransom, simply following the instructions contained in the SeginChile Ransomware ransom note will help computer users decrypt their encrypted files. Fortunately, other than the irritation of having to go through the encryption and decryption process, and not feeling that your files are safe, the SeginChile Ransomware does not pose a serious threat to victims' files at this time.
Most encryption ransomware Trojans are very similar to each other. In general, even though there are differences in the severity of the attack and the ransom notes themselves, the approach is identical: encryption ransomware infections encrypt the computer users' files and then ask them to pay a ransom to provide the decryption key. PC security analysts strongly advise computer users to avoid paying the ransom associated with these threats, since it allows con artists to continue to develop and distribute them.
To prevent these infections, malware analysts strongly advise computer users to avoid opening unsolicited email attachments or clicking on links embedded in unsolicited email messages. PC security analysts also advise computer users to avoid visiting file sharing networks and similar high-risk locations.
The Ransom Note Displayed by the SeginChile Ransomware
The following is the ransom note that the SeginChile Ransomware displays on the affected computer's Desktop:
Seguridad Informática Chile
Comunidad de Seguridad informática de Chile
TUS ARCHIVOS HAN SIDO CIFRADOS
Instrucciones
•Ingresar a hxxps://victima.hacking.cl
•Ingresar el identificador que se te ha proporcionado mas abajo
•Descargar el archivo para descifrar
•Se generara una clave de descifrado, debes ingresar esa clave en el archivo de descifrado
•IDENTIFICADOR:
The SeginChile Ransomware can encrypt the following types of files in its attack:
.asp, .aspx, .csv, .doc, .docx, .html, .jpg, .mdb, .odt, .pdf, .php, .png, .ppt, .pptx, .psd, .sln, .sql, .txt, .xls, .xlsx, .xml.
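A triage sketch built from the indicators above (the note's file name and wording, the appended extension and the targeted file types); it is an added example, not code from EnigmaSoft or from the malware. The function names are hypothetical, and the appended extension is used exactly as printed on this page, so adjust it if files on disk carry a different suffix.

```python
import os

# Indicators copied from this page; adjust if samples on disk differ.
NOTE_NAME = "instrucciones.html"
NOTE_MARKERS = ("tus archivos han sido cifrados", "victima.hacking.cl")
APPENDED_EXT = ".the SeginChile"  # extension exactly as printed on the page
TARGETED = {".asp", ".aspx", ".csv", ".doc", ".docx", ".html", ".jpg", ".mdb",
            ".odt", ".pdf", ".php", ".png", ".ppt", ".pptx", ".psd", ".sln",
            ".sql", ".txt", ".xls", ".xlsx", ".xml"}


def is_ransom_note(path):
    """True if the file has the note's name and contains one of its marker strings."""
    if os.path.basename(path).lower() != NOTE_NAME:
        return False
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(65536).lower()  # the note is small; cap the read
    except OSError:
        return False
    return any(marker in text for marker in NOTE_MARKERS)


def original_name(filename, appended=APPENDED_EXT):
    """Return the pre-encryption name if a targeted file type carries the
    appended extension, otherwise None."""
    if not filename.lower().endswith(appended.lower()):
        return None
    stem = filename[:-len(appended)]
    return stem if os.path.splitext(stem)[1].lower() in TARGETED else None


def scan(root):
    """Walk root and collect ransom notes and files renamed by the encryption."""
    notes, renamed = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_ransom_note(full):
                notes.append(full)
            elif original_name(name) is not None:
                renamed.append(full)
    return {"notes": sorted(notes), "renamed": sorted(renamed)}


if __name__ == "__main__":
    import sys
    print(scan(sys.argv[1] if len(sys.argv) > 1 else "."))
```

A file named 'instrucciones.html' is only reported when its content matches the note, so ordinary web content with the same name is not flagged.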