Seon Ransomware

Seon Ransomware Description

The Seon Ransomware is an encryption ransomware Trojan first observed on November 14, 2018. The Seon Ransomware attacks were first reported against Web servers, carried out by taking advantage of poorly protected RDP (Remote Desktop Protocol) connections. The Seon Ransomware Trojan, like most encryption ransomware Trojans, is designed to detain the victim's data to demand a ransom payment to restore access to the affected data. Since the Seon Ransomware's preferred victims seem to be servers and business networks, it is important that administrators take steps to ensure that all data is backed up properly.

How the Seon Ransomware Attacks a Computer

The Seon Ransomware uses a strong encryption algorithm to make the victim's files inaccessible, like most encryption ransomware Trojans. The Seon Ransomware deletes the Shadow Volume Copies of the affected files as well, preventing the victim from recovering the data using alternate methods. The Seon Ransomware marks the files encrypted by the attack by adding the file extension '.FIXT' to the end of the file's name. The Seon Ransomware targets the user-generated files, which may include a wide variety of media files, document types and databases. The Seon Ransomware targets the subsequent file types in its attack:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

After encrypting the victim's files, the Seon Ransomware demands that the victim contact the criminals via the email accounts 'kleomicro@gmail.com' and 'kleomicro@dicksinhisan.us' via a ransom note. This ransom noappears in the form of a text file named 'YOUR_FILES_ARE_ENCRYPTED.txt,' which contains the following text:

'Seon Ransomware
all your files has been encrypted
There is only way to get your files back: contact with us, pay and get decryptor software
We accept Bitcoin and other cryptocurrencies
You can decrypt 1 file for free
write email to kleomicro@gmail.com or kleomicro@dicksinhisan.us'

Protecting Your Data from Threats Like the Seon Ransomware

Computer users need to take steps to protect their data from threats like the Seon Ransomware. The best protection is to have backup copies of all data. Since the Seon Ransomware's preferred targets tend to be servers and networks, the administrators of these infrastructures are advised to have images of all of their data so that any compromised devices can be wiped and the data replaced quickly. It is also possible to have data backups on the cloud or an external memory device, replacing only the compromised data rather than performing a complete wipe of the device. Apart from file backups, it is paramount to have strong security measures, including strong passwords and a good security program.

Related Posts