SGUARD Ransomware

SGUARD Ransomware Description

There is an ever-increasing interest in ransomware threats, and this is clear to see as there are new data-locking Trojans pumped out on a daily basis. Malware researchers are struggling to keep up and analyze all the newly emerging ransomware threats. Their goal is to develop publicly available decryption tools to help the victims of ransomware, but this is truly an uphill battle for cybersecurity experts.

Propagation and Encryption

One of the most recently spotted ransomware threats is the SGUARD Ransomware. Researchers have not yet determined the infection vectors utilized in the propagation of the SGUARD Ransomware. It is highly likely that the creators of the SGUARD Ransomware have employed mass spam email campaigns, bogus software updates, and fake pirated copies of legitimate applications to spread this new file-encrypting Trojan. Upon compromising a system, the SGUARD Ransomware performs a brief scan. This scan will determine the locations of the files, which are of interest. Next, the SGUARD Ransomware will start encrypting all the targeted data. Each file that undergoes the encryption process of the SGUARD Ransomware will end up with an altered filename. The SGUARD Ransomware appends a '.sguard' extension to the name of each file. This means that a file called 'Sunny-September.mp3' will be renamed to 'Sunny-September.mp3.sguard.'

The Ransom Note

In the next step of the attack, the SGUARD Ransomware will drop its ransom note. The note is named 'SGUARD-README.txt' and reads:
’! STRICTLY FORBIDDEN TO USE NON-ORIGIN DECRYPTION TOOLS OR MODIFYING ENCRYPTED FILES - DATA WILL BE LOST !
--------------------------------------------------------------------------------------------
Your server have been attacked by an Unathorized user.
All your files have been encrypted with RSA private key to safe them from unathorized 3rd party access.
To RESTORE all your files back, please follow this few steps:
1. SecureServer service charges a payment for file decryption;
2. After payment being processed, provide us your server id-key;
3. Receive your unique decryption tool;
4. Run the decryption tool and successfully restore all your files back to normal state.
We guarantee:
100% Successful restoring of all files
100% Satisfaction guarantee
100% Safe and secure service
As a proof of our trusted decryption service, you can send us 1 file and get it decrypted for free.
--------------------------------------------------------------------------------------------
! STRICTLY FORBIDDEN TO USE NON-ORIGIN DECRYPTION TOOLS OR MODIFYING ENCRYPTED FILES - DATA WILL BE LOST !
! ONLY OUR DECRYPTION TOOL CAN RESTORE YOUR FILES !
--------------------------------------------------------------------------------------------
Contact us: support-ssp@pm.me
Payment type: Bitcoin
Our wallet: 15Z7vDXHCtWdfVKZkD3sJWJEK6jeBznzT9
Sum: 600 EUR
Your server ID-KEY:
---
--------------------------------------------------------------------------------------------
For any questions: support-ssp@pm.me
SecureServer Systems (c) 2019 / ProtonProject EU
===Key verify text===’

The ransom fee demanded by the attackers is €600 in the shape of Bitcoin. The attackers warn the user against attempting to unlock their data using third-party decryption tools because they claim that all data will be damaged irreversibly. The authors of the note provide the victim with an email address where they can be contacted – 'support-ssp@pm.me.'

We would advise you always to keep your distance when it comes to dealing with cyber crooks like the ones behind the SGUARD Ransomware. A safer approach in this situation is to obtain a reputable anti-malware application and use it to remove the SGUARD Ransomware from your PC safely.

Do You Suspect Your PC May Be Infected with SGUARD Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like SGUARD Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Related Posts

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their PC with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.