
SGUARD Ransomware

By GoldSparrow in Trojans

Interest in ransomware keeps growing, and it shows: new data-locking Trojans are pumped out on a daily basis. Malware researchers are struggling to keep up with and analyze all the newly emerging ransomware threats. Their goal is to develop publicly available decryption tools to help the victims of ransomware, but this is truly an uphill battle for cybersecurity experts.

Propagation and Encryption

One of the most recently spotted ransomware threats is the SGUARD Ransomware. Researchers have not yet determined the infection vectors used to propagate the SGUARD Ransomware. It is highly likely that its creators rely on mass spam email campaigns, bogus software updates, and fake pirated copies of legitimate applications to spread this new file-encrypting Trojan. Upon compromising a system, the SGUARD Ransomware performs a brief scan to locate the files it is interested in. Next, the SGUARD Ransomware starts encrypting all the targeted data. Each file that goes through the encryption process ends up with an altered filename: the SGUARD Ransomware appends a '.sguard' extension to the name of each file. This means that a file called 'Sunny-September.mp3' will be renamed to 'Sunny-September.mp3.sguard.'

The Ransom Note

In the next step of the attack, the SGUARD Ransomware will drop its ransom note. The note is named 'SGUARD-README.txt' and reads:
'! STRICTLY FORBIDDEN TO USE NON-ORIGIN DECRYPTION TOOLS OR MODIFYING ENCRYPTED FILES - DATA WILL BE LOST !
--------------------------------------------------------------------------------------------
Your server have been attacked by an Unathorized user.
All your files have been encrypted with RSA private key to safe them from unathorized 3rd party access.
To RESTORE all your files back, please follow this few steps:
1. SecureServer service charges a payment for file decryption;
2. After payment being processed, provide us your server id-key;
3. Receive your unique decryption tool;
4. Run the decryption tool and successfully restore all your files back to normal state.
We guarantee:
100% Successful restoring of all files
100% Satisfaction guarantee
100% Safe and secure service
As a proof of our trusted decryption service, you can send us 1 file and get it decrypted for free.
--------------------------------------------------------------------------------------------
! STRICTLY FORBIDDEN TO USE NON-ORIGIN DECRYPTION TOOLS OR MODIFYING ENCRYPTED FILES - DATA WILL BE LOST !
! ONLY OUR DECRYPTION TOOL CAN RESTORE YOUR FILES !
--------------------------------------------------------------------------------------------
Contact us: support-ssp@pm.me
Payment type: Bitcoin
Our wallet: 15Z7vDXHCtWdfVKZkD3sJWJEK6jeBznzT9
Sum: 600 EUR
Your server ID-KEY:
---
--------------------------------------------------------------------------------------------
For any questions: support-ssp@pm.me
SecureServer Systems (c) 2019 / ProtonProject EU
===Key verify text==='

The ransom fee demanded by the attackers is 600 EUR, payable in Bitcoin. The attackers warn the user against attempting to unlock their data with third-party decryption tools, claiming that all data would be damaged irreversibly. The authors of the note provide the victim with an email address where they can be contacted: 'support-ssp@pm.me.'
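The first task for a defender who finds this write-up relevant is to scope an affected host: which files were renamed, where, and whether the note is present. The Python below is an added example, not code from the page or from any vendor. It uses only the indicators the page quotes (the '.sguard' extension, the 'SGUARD-README.txt' filename, and the contact and wallet strings from the note text) to walk a directory tree, map each renamed file back to its pre-encryption name (useful when restoring from backups), and flag ransom notes even when they have been copied under another name. The sample tree it builds is constructed test data, and all function names are my own.

```python
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Indicators taken from the page: the appended extension, the ransom note
# filename, and strings that appear in the quoted note text.
SGUARD_EXTENSION = ".sguard"
RANSOM_NOTE_NAME = "SGUARD-README.txt"
NOTE_INDICATORS = (
    "support-ssp@pm.me",
    "15Z7vDXHCtWdfVKZkD3sJWJEK6jeBznzT9",
    "SecureServer",
)


def original_name(filename: str) -> Optional[str]:
    """Map 'Sunny-September.mp3.sguard' back to 'Sunny-September.mp3'.

    Returns None when the name does not carry the SGUARD extension, or when
    the name is nothing but the extension (there is no original to recover).
    """
    if filename.endswith(SGUARD_EXTENSION) and len(filename) > len(SGUARD_EXTENSION):
        return filename[: -len(SGUARD_EXTENSION)]
    return None


def is_sguard_note(path: Path) -> bool:
    """Recognise the ransom note by its filename, or by at least two content
    indicators so that renamed copies of the note are still caught."""
    if path.name == RANSOM_NOTE_NAME:
        return True
    try:
        text = path.read_text(errors="ignore")
    except OSError:
        return False
    return sum(1 for marker in NOTE_INDICATORS if marker in text) >= 2


def scan_tree(root: Path) -> Dict[str, object]:
    """Walk a directory tree and report encrypted files (mapped to their
    original names), ransom notes, and the directories touched.
    All paths are returned relative to root, POSIX style."""
    root = Path(root)
    encrypted: Dict[str, str] = {}
    notes: List[str] = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        orig = original_name(path.name)
        if orig is not None:
            encrypted[rel] = orig
        elif is_sguard_note(path):
            notes.append(rel)
    affected_dirs = sorted({Path(p).parent.as_posix() for p in encrypted})
    return {"encrypted": encrypted, "notes": sorted(notes), "affected_dirs": affected_dirs}


def build_sample_tree() -> Path:
    """Constructed sample tree (hypothetical, not real infection data) that
    mimics what the page describes: renamed files plus a dropped note."""
    root = Path(tempfile.mkdtemp(prefix="sguard-sample-"))
    (root / "docs").mkdir()
    (root / ("Sunny-September.mp3" + SGUARD_EXTENSION)).write_bytes(b"\x00" * 16)
    (root / "docs" / ("report.docx" + SGUARD_EXTENSION)).write_bytes(b"\x00" * 16)
    note_text = (
        "Your server have been attacked by an Unathorized user.\n"
        "Contact us: support-ssp@pm.me\n"
        "Our wallet: 15Z7vDXHCtWdfVKZkD3sJWJEK6jeBznzT9\n"
        "SecureServer Systems (c) 2019 / ProtonProject EU\n"
    )
    (root / "docs" / RANSOM_NOTE_NAME).write_text(note_text)
    # A copy of the note under a different name: matched on content only.
    (root / "docs" / "old-note-copy.txt").write_text(note_text)
    (root / "untouched.txt").write_text("nothing to see here\n")
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for key, value in scan_tree(sample).items():
        print(key, value)
```

Point `scan_tree` at the root of a mounted image or a share taken offline, and use the `encrypted` mapping to drive restoration from backups; the two-indicator rule in `is_sguard_note` keeps a lone mention of "SecureServer" in an unrelated document from being reported as a note.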

We would advise you to always keep your distance from cyber crooks like the ones behind the SGUARD Ransomware. A safer approach in this situation is to obtain a reputable anti-malware application and use it to remove the SGUARD Ransomware from your PC safely.
