Threat Database Ransomware SIGARETA Ransomware

SIGARETA Ransomware

By GoldSparrow in Ransomware

The SIGARETA Ransomware is a brand-new ransomware threat, which has been spotted by malware researchers. Dealing with data-locking Trojans like the SIGARETA Ransomware is not an easy task. They are designed to encrypt the target's data and extort them for money.

Propagation and Encryption

The SIGARETA Ransomware may be propagated via fake emails that contain corrupted attachments or links. Another popular propagation method is bogus software updates/downloads. Some authors of ransomware threats also opt to use torrent trackers and malvertising as infection vectors. When the SIGARETA Ransomware infects a computer, it will scan its content and locate the files that match its criteria. The SIGARETA Ransomware is likely to encrypt documents, images, audio files, presentations, databases, spreadsheets, archives, videos, etc. Therefore, the majority of the data present on the targeted computer will be locked via a secure encryption algorithm. When the SIGARETA Ransomware locks a file, it will append an additional extension to the filename – '. SIGARETA.' This means that a file that the user had named 'green-speaker.png' will be renamed to 'green-speaker.png.SIGARETA' when the encryption process has been completed.

The Ransom Note

The SIGARETA Ransomware would make sure to drop a ransom note on the desktop of the user. The file that contains the ransom message of the attackers is named 'SIGARETA-RESTORE.txt.' In the note, the user is asked to get in touch with the attackers via email. There are three email addresses provided as a means of communication – ‘DineshSchwartz1965@protonmail.com,' ‘RupertMariner1958@protonmail.com' and ‘StephanForenzzo1985@protonmail.com.' The operators of the SIGARETA Ransomware offer to decrypt one file free of charge. The attackers also threaten the victims that unless they pay up, their data will be leaked online. This is a new trick that more and more authors of ransomware threats use to pressure their victims into paying the ransom fee.

The SIGARETA Ransomware is not decryptable for free, but it is not advisable to pay the attackers for a decryption key. This happens because there is no guarantee that you will receive what you paid for. Remove the SIGARETA Ransomware from your PC with a reputable anti-virus tool.

Trending

Most Viewed

Loading...