The Sigma Ransomware is an encryption ransomware Trojan that was first observed by PC security researchers on November 9, 2017. The Sigma Ransomware carries out a typical ransomware attack, encrypting the victim's files so that the payment of a ransom should be made in exchange for the decryption program needed to restore the affected files. Like many other encryption ransomware Trojans, the Sigma Ransomware is delivered to victims through the use of spam email attachments, which may take the form of corrupted Microsoft Word documents, which include macro scripts that download and install the Sigma Ransomware onto the victim's computer. Spam email messages used to deliver threats like the Sigma Ransomware will often use social engineering techniques meant to trick the victim into thinking that the tricky email message was sent by a reputable source.
What the Sigma Ransomware can do with Your Files
The Sigma Ransomware seems to be a variant of ransomware engines that are available freely, which may be an open source threat that is available on underground hacking forums. There is very little to differentiate the Sigma Ransomware from the countless other ransomware Trojans that are active currently. The Sigma Ransomware will encrypt victims' files in its attack, searching for the user-generated files while avoiding the files necessary for the victim's operating system. The file types that threats like the Sigma Ransomware target in their attacks:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
The Sigma Ransomware marks the files it encrypts in its attack by adding a file extension made up of four random characters to the end of each affected file's name.
The Sigma Ransomware's Ransom Demands
The Sigma Ransomware delivers a ransom note in the form of an HTML file named 'ReadMe.html' that is dropped on the infected computer system's desktop following the files'encryption. The Sigma Ransomware's ransom note reads:
'What has happened to my files ? Why i am seeing this ?
All of your files have been encrypted with RSA 2048 Encryption. Which means, you wont be able to open them or view them properly. It does NOT mean they are damaged.
Well its quite simple only we can decrypt your files because we hold your RSA 2048 private key. So you need to buy the special decryption software and your RSA private key from us if you ever want your files back. Once payment is made, you will be given a decrypter along with your private key, once you run that , All of your files will be unlocked and back to normal.
So there are 2 ways to do this either you wait for a miracle and get your price doubled or follow instructions below carefully and get back your all important files.'
Computer users are counseled to refrain from following the instructions in this ransom note. Instead of paying the Sigma Ransomware ransom amount, computer users should instead restore their files from a backup copy. This is why file backups is the best protection against the Sigma Ransomware and similar threats. This, incorporated with a reliable security program, is enough to keep your data safe from threats like the Sigma Ransomware.
SpyHunter Detects & Remove Sigma Ransomware
File System Details
Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.