Sfile Ransomware

By GoldSparrow in Ransomware

Ransomware is a problem for any computer user. These crypto-viruses are dangerous because they prevent you from accessing your data. Cryptographic viruses like this find and encrypt data to extort a ransom from users. Sfile ransomware is a particularly nasty piece of work.

What is Sfile Ransomware?

Sfile ransomware is similar to other ransomware in that it is built to encrypt files and keep them locked up until the victim pays a ransom. Sfile hasn’t made the news as much as other viruses, but a number of people have still fallen victim to it. There are thousands of viruses that never make the news, but that doesn’t mean they don’t exist.

What Does Sfile Ransomware Do?

Once installed on a computer, the virus scans it for files to encrypt. It encrypts each file it finds and appends ".sfile2" or ".sfile3" to the file name. A file called Pic1.JPG would become Pic1.JPG.sfile2, for example. The encrypted file is inaccessible and useless to the computer owner.

The virus also creates a ransom note called “!!_FILES_ENCRYPTED_.txt” that explains how users can get their data back. The note, detailed below, encourages victims to contact the cybercriminals via email to get a decryption key in return for a sum of money. The note reads like the following:


Your network has been penetrated.
All files on each host in the network have been encrypted with a strong algorithm.
Backups, replications were either encrypted or wiped. Shadow copies also removed.
DO NOT RESET OR SHUTDOWN - files may be damaged.
DO NOT RENAME OR MOVE the encrypted and readme files.
DO NOT DELETE *.sfile2 files.
This may lead to the impossibility of recovery of the certain files.
To get info how to decrypt your files, contact us at:
To confirm our honest intentions we will decrypt few files for free.
Send 2 different files with extension *.sfile2. Files should not contain essential information.
Files should be inside ZIP archive and mailed to us (SUBJ : your domain or network name).
It can be from different computers on your network to be sure we decrypts everything.
The procedure to decrypt the rest is simple:
After payment we will send you decryption software.
Don't waste time, send email with files attached as soon as possible.
It's just a business. We absolutely do not care about you and your deals, except getting benefits.
If we do not do our work and liabilities - nobody will not cooperate with us. It's not in our interests.
If you will not cooperate with our service - for us, it's doesn't matter. But you will lose your time and data, cause just we have the private key.
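
The file-name indicators described above (the ".sfile2"/".sfile3" suffixes and the "!!_FILES_ENCRYPTED_.txt" note) can be used to scope which directories on a host were hit. The following Python script is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration, and matching is case-insensitive as an assumption.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the article text.
ENCRYPTED_SUFFIXES = (".sfile2", ".sfile3")
RANSOM_NOTE_NAME = "!!_FILES_ENCRYPTED_.txt"


def scan_tree(root):
    """Walk root read-only and report Sfile file-name indicators."""
    report = {"encrypted": [], "notes": [], "clean": 0,
              "by_dir": Counter(), "original_types": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower == RANSOM_NOTE_NAME.lower():
                report["notes"].append(path)
            elif lower.endswith(ENCRYPTED_SUFFIXES):
                report["encrypted"].append(path)
                report["by_dir"][dirpath] += 1
                # Pic1.JPG.sfile2 -> original name Pic1.JPG -> type ".jpg"
                original = Path(name[: name.rfind(".")])
                report["original_types"][original.suffix.lower() or "(none)"] += 1
            else:
                report["clean"] += 1
    return report


def build_sample_tree(root):
    """Constructed sample data: empty files whose names mimic an affected host."""
    names = ["docs/Pic1.JPG.sfile2", "docs/report.docx.sfile3",
             "docs/!!_FILES_ENCRYPTED_.txt", "docs/untouched.txt",
             "share/db.bak.SFILE2", "share/notes.sfile2.txt"]
    for rel in names:
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_tree(tmp)
        print(len(result["encrypted"]), "renamed;", len(result["notes"]), "notes")
        for directory, count in result["by_dir"].most_common():
            print(f"  {count:4d}  {directory}")
```

The per-directory counts and the breakdown of original file types help decide which backups to restore first; the scan only reads file names and changes nothing on disk.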

Should I Pay the Ransom?

Security experts strongly recommend against paying the hackers the ransom they demand. There is no guarantee that they will send you the decryption key to get your data back, or that any key you receive will even work. Most of the time, ransomware victims don’t get any decryption keys at all and lose their money as well as their data.

Instead of paying the ransom, take steps to remove the ViluciWare virus as soon as possible. Removing the virus won’t undo the encryption, but it will prevent further encryption. After doing that, you can use a data backup to get your lost files back. You’ll likely have to rely on data backups because ransomware is known to remove Shadow Volume Copies of data – the copies that Windows uses to create and restore backups.

How Did Sfile Ransomware Infect My Computer?

Malicious programs like this are typically distributed through email spam campaigns. Cybercriminals use malspam campaigns like this to send thousands of emails with malicious links and attachments to random internet users. The emails have attachments such as PDFs, documents, or archives. Users download and open the files, inadvertently installing malware in the process. You should always scrutinize any email from an unknown or untrusted source. Don’t bother interacting with spam at all, as it is not worth the risk.

How to Protect Against Ransomware Infections

One of the most important things you can do to protect against malicious programs is not to download and install software through unofficial websites and installers, third-party downloaders, and peer-to-peer networks such as torrent sites. You should always use official channels to get your software and avoid using pirated software. Illegal software is packed with “cracks” that activate the software. More often than not, these tools install malware instead of, or along with, activating the software. Programs and operating systems should be updated whenever possible, but make sure these updates come from official channels.

You should avoid interacting with website links and attachments in emails sent from suspicious and unknown addresses. There is the chance that these emails have been sent by cybercriminals to spread their malicious programs and catch you in a trap.

Last but not least, you should keep an antivirus program on your computer. Make sure this program is updated regularly with all the latest virus databases, detection, and removal methods. Be sure to run a virus scan regularly to detect infections like ViluciWare to keep your computer safe.
