SIFRELI Ransowmare Description
At the end of October, malware researchers spotted a new data-encrypting Trojan out in the wild. They have given it the name SIFRELI Ransomware. It does not appear that this Trojan belongs to any of the known ransomware families. It seems that this ransomware threat targets users located in Turkey mostly. Furthermore, the word 'sifreli' in Turkish means' encrypted.'
Propagation and Encryption
It has not yet been revealed how the attackers are propagating the SIFRELI Ransomware. Among the most common methods are fraudulent application updates, torrent trackers, and pirated copies of popular software services. However, the most popular technique of distributing ransomware threats is via mass spam email campaigns. The emails in question would include a corrupted attachment that, once launched, would infect the user's system. The SIFRELI Ransomware makes sure to target a very long list of filetypes, which are very likely to be found on any normal user's computer. These would include .mp4, .mp3, .jpeg, .jpg, .doc, .docx, .ppt, .pptx, .pdf, .mov, .png, .gif files among countless others. Then, the SIFRELI Ransomware will use an encryption algorithm to lock all the files targeted. The SIFRELI Ransomware appends a '.SIFRELI' or '.SIFRELI_DOSYA' extension to all the locked file's names. For example, a file called 'little-pug.jpeg' will be renamed to 'little-pug.jpeg.SIFRELI' or 'little-pug.jpeg. SIFRELI_DOSYA' when this data-encrypting Trojan locks it.
The Ransom Note
In the next step of the attack, the SIFRELI Ransomware would drop its ransom note. The note's name is 'fidye-uyari.txt.' It is very concise and written in Turkish entirely. It does not mention what the ransom fee is. The attackers only ask the victim to contact them via email ‘email@example.com' and warn them to make sure to attach a file called 'bootTel.dat' to their message.
It is not a good idea to attempt to contact cybercriminals. They will attempt to extort you while promising that they will provide you with a decryption key that will unlock all the affected data. However, cyber crooks like the ones responsible for the SIFRELI Ransomware keep their promises rarely, and you are likely to be left empty-handed even if you pay the sum they demand. A much safer approach in this difficult situation is to remove the SIFRELI Ransomware from your computer using a genuine anti-malware application. Then, you can attempt to recover some of the locked files using a third-party data-recovery application, but the results may not be satisfactory.
Do You Suspect Your PC May Be Infected with SIFRELI Ransowmare & Other Threats? Scan Your PC with SpyHunterSpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like SIFRELI Ransowmare as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Security Doesn't Let You Download SpyHunter or Access the Internet?Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.