Sext Ransomware
The Sext Ransomware appears to be identical to two other ransomware threats called Connect and Bondy virtually. The main aspects that differentiate the Sext Ransomware from other ransomware threats are the specific extension it uses for the files it encrypts and the communication channel provided by the hackers.
When the Sext Ransomware infiltrates the targeted computer, it initiates its encryption process and locks all of the user's files effectively. It affects the most popular filetypes, such as documents, PDFs, photos, videos, databases, etc. The Sext Ransomware will append '.sext' as an extension to the original filename of every file it encrypts. It also drops a text file named 'HELP_DECRYPT_YOUR_FILES.txt' in every folder containing encrypted data. The files provide the ransom note with instructions from the cybercriminals behind the threat.
As stated in the ransom note, the Sext Ransomware employs the asymmetric cryptographic algorithm RSA for the file encryption process. This means that the hackers are the only ones who possess the decryption keys needed for the restoration of the user's files. The note also shows that the ransom amount demanded from the victims has been increasing steadily. Starting from $200 with Bondy, it grew to $500 asked by Connect and now the Sext Ransomware wants $600. The ransom is supposed to be delivered in Bitcoin to the provided cryptocurrency wallet. Bitcoin is infamous for having a quite unstable exchange rate, but the hackers want to receive around 0.037 BTC (Bitcoin) at the current prices.
After completing the transaction, users are expected to initiate communication by sending a message to the hackers' email address at 'getyourdata@protonmail.com.' They also can attach a single file for free decryption.
The full text of Sext's ransom note is:
'Oops All Of your important files were encrypted Like document pictures videos etc..
Don't worry, you can return all your files!
All your files, documents, photos, databases and other important files are encrypted by a strong encryption.
How to recover files?
RSA is a asymmetric cryptographic algorithm, you need one key for encryption and one key for decryption so you need private key to recover your files. It's not possible to recover your files without private key.
The only method of recovering files is to purchase an unique private key.Only we can give you this key and only we can recover your files.
What guarantees you have?
As evidence, you can send us 1 file to decrypt by email We will send you a recovery file Prove that we can decrypt your file
Please You must follow these steps carefully to decrypt your files:
Send $600 worth of bitcoin to wallet: 15zw6QrCbd5r8CD2eySMoTktstuEgD1Dzs
after payment,we will send you Decryptor software
contact email: getyourdata@protonmail.com
Your personal ID:'
Table of Contents
How Does Sext Ransomware Spread?
Hackers have several tools to distribute Sext ransomware. The most common distribution methods are;
Email Scams
Hackers send thousands of spam emails containing malicious links and attachments. These attachments can be a word document, zip file, executable file, etc. Opening the email and accessing the malicious content infects computers.
Freeware Downloads
Freeware download sites are a haven for viruses like Sext Ransomware. Even legitimate programs on these platforms may be bundled with malicious programs. Be careful when installing freeware and always check the advanced settings to see if something else is being installed alongside the freeware.
Fake Software Updates
While updating software regularly is essential, you should only do so using legitimate websites and services. Hackers disguise malware as software updates to install malware rather than the desired update.
Peer-to-peer Downloads
Peer-to-peer sharing sites such as BitTorrent are filled with viruses.
Should You Pay The Ransom?
It may be tempting to pay the ransom and have it over with to get your files back. However, experts recommend that you should never pay the hackers. There are no guarantees they will hand over the decryption software or that it will even work. Cybercriminals tend to cut communication with victims once they get the money, meaning you lose your money as well as your essential data.
How to Protect Against Sext Ransomware
The first step you should take to protect your computer is not to open email attachments unless you are sure of the source. Attempt to verify the name and address of the sender. You can also scan email attachments using an antivirus program before accessing them. That way, you’ll know for sure if the attachment is safe or not.
Also, avoid downloading and installing programs through third-parties—download software through official and trusted channels. Be sure to go through the installation carefully. Look through advanced options to check to see if anything is being installed alongside the program. Don’t forget to update software and the operating system on your computer regularly.
Finally, invest in a robust antivirus program and run regular scans.
