Sigrun Ransomware
The Sigrun Ransomware is an encryption ransomware Trojan that was first observed on May 17, 2018. The Sigrun Ransomware is being distributed by delivering fake emails from Amazon and exploiting vulnerabilities in the Microsoft Office suite. Victims of the Sigrun Ransomware attack will receive a fake email message from Amazon with an attached Microsoft Office file. This file will contain a corrupted macro script that downloads and installs the Sigrun Ransomware onto the victim's computer. This method is one of the preferred ways in which threats like the Sigrun Ransomware are distributed to computer users.
Table of Contents
Your Files will Become Inaccessible after a Sigrun Ransomware Attack
Once the Sigrun Ransomware has been installed, it will scan the victim's computer in search for the user-generated files, which may include media files, databases and numerous document types. The examples of the files that the Sigrun Ransomware will seek out and encrypt during its attack include:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
Once the Sigrun Ransomware has encrypted a file, the file will be inaccessible permanently, due to the strength of the encryption method involved. As long as the Sigrun Ransomware attack has compromised a file, it can be recognized easily because the Sigrun Ransomware will add the file extension '.sigrun' to each affected file's name. When the Sigrun Ransomware finishes its encryption task, the files cannot be opened by the victim's applications and will not be recognized by Windows, showing up as blank icons on Windows Explorer.
How the Sigrun Ransomware is Used to Generate Revenue
Once the Sigrun Ransomware has encrypted the victim's files, it will attempt to get money from the victim. To do this, the Sigrun Ransomware will deliver two ransom notes in the form of TXT and HTML files dropped on the infected computer's desktop. These files are named 'RESTORE-SIGRUN.txt' and 'RESTORE-SIGRUN.htm' and can be opened on the victim's preferred text editor or Web browser. The full text of the Sigrun Ransomware ransom notes reads as follows:
'Sigrun Ransomware
Dear user, all your important files have been encrypted!
Don't worry! Your files still can be restored by us!
In order to restore it you need to contact with us via e-mail.
sigrun_decryptor@protonmail.ch
As a proof we will decrypt 3 files for free!
Please, attach this to your message:
[5 strings of 32 random characters]'
Computer users are emphatically advised to refrain from contacting the criminals associated with the Sigrun Ransomware attack, despite the offer to decrypt files for free. Frequently, these criminals will take advantage of the victims that contact them, leading to further hoaxes or additional problems.
Protecting Your Data from Threats Like the Sigrun Ransomware
Once the Sigrun Ransomware has encrypted your files, they will become unrecoverable. Because of this, the best method to deal with threats like the Sigrun Ransomware is prevention. Educated computer users will have a strong security program that is fully up-to-date installed and running and especially careful when dealing with any unsolicited email attachments. The best protection against threats like the Sigrun Ransomware, however, is to have file backups. If you have copies of your file, then you can recover from a Sigrun Ransomware attack without needing to contact the criminals responsible.
