Cybersecurity experts are warning users about a new ransomware threat tracked as Sickfile. Upon execution, the Sickfile Ransomware begins to encrypt the victim's files, appending a ".sickfile" extension to their filenames in the process. For example, a file titled '1.jpg' would now appear as '1.jpg.sickfile,' while '2.png' would be renamed to '2.png.sickfile.' After encrypting the files, the Sickfile Ransomware creates a ransom-demanding message named 'how_to_back_files.html.'
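The two file-system indicators described above (the ".sickfile" extension and the 'how_to_back_files.html' note) can be used to scope which directories were affected. The following is an added example, not part of the original article or any vendor tooling; it only reads directory listings, and the function names, the case-insensitive matching and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".sickfile"             # extension named in the article
RANSOM_NOTE = "how_to_back_files.html"  # ransom note filename named in the article

def triage(root):
    """Walk `root` read-only and summarise Sickfile indicators per directory."""
    encrypted = []        # (path as found, original name before the rename)
    notes = []            # full paths of ransom notes
    per_dir = Counter()   # directory -> number of encrypted files
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            lower = name.lower()  # assumption: match case-insensitively
            if lower == RANSOM_NOTE:
                notes.append(os.path.join(dirpath, name))
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                original = name[: -len(ENCRYPTED_EXT)]  # '1.jpg.sickfile' -> '1.jpg'
                encrypted.append((os.path.join(dirpath, name), original))
                per_dir[dirpath] += 1
    return {"encrypted": encrypted, "notes": notes, "per_dir": per_dir}

def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = {
        "finance": ["1.jpg.sickfile", "2.png.sickfile", RANSOM_NOTE],
        "hr": ["report.docx"],  # untouched directory
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        return (
            sorted(orig for _path, orig in result["encrypted"]),
            [os.path.basename(n) for n in result["notes"]],
            {os.path.basename(d): c for d, c in result["per_dir"].items()},
        )

if __name__ == "__main__":
    print(demo())
```

Pointing `triage()` at a mounted copy or backup of an affected volume gives a per-directory count that helps decide which shares to restore first.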
An Overview of Sickfile Ransomware's Demands
The Sickfile Ransomware threat appears to be leveraged mostly against larger corporate entities rather than individual computer users. The Sickfile Ransomware infiltrates the victim's network and encrypts their files, making them inaccessible. The attackers then demand a ransom in exchange for the decryption key or tool to restore access to the affected files. Victims are warned that if they do not contact the attackers within 72 hours, the ransom amount will increase.
Additionally, the hackers behind the Sickfile Ransomware state that they have exfiltrated sensitive information from the breached devices. If victims refuse to pay the demanded ransom, the collected data will supposedly be leaked to the public or sold to any interested parties. Essentially, Sickfile Ransomware is being deployed as part of a double-extortion operation.
It should be noted that sometimes, even if victims pay the ransom, there is no guarantee that they will receive the promised decryption keys/tools. For this reason, paying any ransom demand is not advised, as it only serves to support illegal activity.
Steps to Take After a Sickfile Ransomware Attack
Cybersecurity is a major issue nowadays, and ransomware attacks are probably the most dreaded of them all. After discovering malware on your system, it is essential to take the necessary actions while minimizing data loss.
The first thing you need to do right away is scan your system with reliable anti-malware solutions to assess the security of your device and determine whether any infected files remain on it. When scanning, be sure to include all your hard drives and external storage devices as well.
Once you've scanned your device with anti-malware solutions, the next step is to isolate it from any networks—Wi-Fi or LAN—as soon as possible to minimize the chances of other devices being infected. Even if your device doesn't seem to be affected, you should still disconnect it from other networks as a preventive measure.
The full text of the ransom note dropped by Sickfile Ransomware is:
'YOUR PERSONAL ID:
/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!
Your files are safe! Only modified. (RSA+AES)
ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.
No software available on internet can help you. We are the only ones able to
solve your problem.
We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..
We only seek money and our goal is not to damage your reputation or prevent
your business from running.
You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.
Contact us for price and get decryption software.
Follow the instructions to open the link:
Start a chat and follow the further instructions.
If you can not use the above link, use the email:
To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.'