SOREBRECT Ransomware

The SOREBRECT Ransomware is a ransomware Trojan that is mainly being used against businesses and high-profile targets, rather than individual computer users. The SOREBRECT Ransomware is a sophisticated ransomware Trojan that manages to carry out an attack that does not involve the delivery of a file, making it more effective in its attack and difficult to remove. Although ransomware Trojans are quite common, ransomware Trojans that use attacks without a file are quite rare. The SOREBRECT Ransomware was first observed in the late Spring of 2017 while malware researchers investigated threat attacks in Middle Eastern locations. The SOREBRECT Ransomware has carried out attacks in various countries around the world, including Russia, the United States, China, Mexico, Italy and Japan.

How the SOREBRECT Ransomware Carries out Its Attack

Rather than delivering an executable file to the victim's computer, the SOREBRECT Ransomware will instead inject its code into legitimate file processes operating on the infected computer. This allows the SOREBRECT Ransomware to remain undetected and free to carry out an attack that's more difficult to stop, remove or detect. In most cases, the SOREBRECT Ransomware is being delivered through brute force attacks that take advantage of poor password protection on remote desktop connections and other, similar points of access into a network or computer. Once access has been gained into a potential target, the con artists will carry out an attack with the SOREBRECT Ransomware, which injects its code into the svchost.exe process, a legitimate Microsoft Windows file process that is used to host other memory processes on the infected computer. Svchost.exe is found on the Windows system folder. The SOREBRECT Ransomware takes advantage of the PsExec utility to connect to the SOREBRECT Ransomware threat to configure it and carry out the attack.

The Well-Known Infection Method Used by the SOREBRECT Ransomware

There is little to differentiate the SOREBRECT Ransomware from other ransomware Trojans once it has begun its attack. The SOREBRECT Ransomware will corrupt the victim's data, targeting files on all local drives, shared network directories, and removable memory devices connected to the infected computer and taking them hostage by encrypting them with a strong encryption algorithm. Once the SOREBRECT Ransomware has encrypted the victim's files, the SOREBRECT Ransomware will demand the payment of a ransom from the victim. The SOREBRECT Ransomware has various self-defense mechanisms designed to prevent computer users from detecting its presence or removing it once it has begun carrying out its attack.

The SOREBRECT Ransomware will delete all traces of itself during its attack to prevent malware researchers from analyzing it to help computer users recover from a SOREBRECT Ransomware attack. During the infection, the SOREBRECT Ransomware will take several steps to prevent computer users from recovering using alternate means, including erasing the Windows System Restore Points, the Shadow Volume Copies, and other Windows features that could be used to recover the affected files. Once the SOREBRECT Ransomware has finished its attack and removed all traces of itself, the SOREBRECT Ransomware will deliver its ransom note. The SOREBRECT Ransomware's ransom note takes the form of a simple text file named 'READ ME ABOUT DECRYPTION.txt,' which delivers the following message:

'Your files were encrypted.
Your personal ID is: [128 RANDOM CHARACTERS]
To buy private key for unlocking files please contact us:
[RANDOM EMAIL ADDRESSS]
Please, include the ID above.'

The Aftermath of a SOREBRECT Ransomware Attack

The files encrypted by the SOREBRECT Ransomware attack will no longer be readable and appear as blank icons with the file extension '.pr0tect' added to the end of the file name. Unfortunately, since the SOREBRECT Ransomware is a very sophisticated threat, it is nearly impossible to recover the files affected by the SOREBRECT Ransomware infection. The best protection against the SOREBRECT Ransomware and similar ransomware threats is to have backup copies of all files, and in the case of businesses and Web servers, disk images that can facilitate an easy and full recovery.

SpyHunter Detects & Remove SOREBRECT Ransomware