
SepSys Ransomware

Posted: February 28, 2020

The SepSys Ransomware is a file-locker Trojan without a known family or Ransomware-as-a-Service attached to it. Despite minor differences from similar threats, it remains capable of blocking media content and stopping it from opening as a means of extorting money from victims. Users should let anti-malware tools protect their PCs and delete the SepSys Ransomware immediately while maintaining backups that make any data loss negligible.

Files Going a Little Septic

Ransomware-as-a-Service families like the Dharma Ransomware and Hidden Tear spinoffs make up the bulk of the file-locker Trojan 'industry,' but not the entirety of it. Pranks, programming experiments, and other independent efforts also have a place in soliciting money after blocking files, such as the campaigns of the Wulfric Ransomware, the Mind Ransomware, and the SepSys Ransomware. The last of these, a product of threat actors calling themselves Silicon Venom, is a notably cheap alternative to the traditional RaaS.

The SepSys Ransomware is Windows-based, like the bulk of similar Trojans with encryption-related payloads. It uses AES encryption to convert files into copies that no longer open, then appends a 'sepsys' extension to their names and deletes the originals. Less obviously, it also modifies intranet settings, which may cause network accessibility issues for users or assist attackers in reaching other systems on the same network.
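The two observable traces the write-up describes, a 'sepsys' extension appended to the original filename and the original file deleted afterwards, are enough to triage a file listing during incident response. The following script is an added example written for this page, not code from the SepSys Ransomware or from any vendor's product; it assumes only that encrypted files keep their full original name (including the original extension) with '.sepsys' appended, as the text states, and the sample listing it ships with is constructed for illustration.

```python
import os
import ntpath
from collections import Counter

# Extension the write-up reports SepSys appending to each encrypted file.
SEPSYS_SUFFIX = ".sepsys"


def classify_paths(paths):
    """Triage a listing of file paths for SepSys-style traces.

    Returns a dict with:
      'encrypted'         - paths ending in .sepsys
      'originals_missing' - encrypted files whose pre-encryption name is
                            absent from the listing (consistent with the
                            Trojan deleting originals after encryption)
      'by_original_ext'   - Counter of the original extensions hit, which
                            shows which media types were targeted
    """
    listing = set(paths)
    encrypted = sorted(p for p in listing if p.lower().endswith(SEPSYS_SUFFIX))
    originals_missing = []
    by_original_ext = Counter()
    for path in encrypted:
        original = path[: -len(SEPSYS_SUFFIX)]
        # ntpath handles Windows-style paths regardless of the host OS.
        _, ext = ntpath.splitext(original)
        by_original_ext[ext.lower() or "<none>"] += 1
        if original not in listing:
            originals_missing.append(original)
    return {
        "encrypted": encrypted,
        "originals_missing": originals_missing,
        "by_original_ext": by_original_ext,
    }


def scan_directory(root):
    """Walk a real directory tree and classify everything found in it."""
    paths = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            paths.append(os.path.join(dirpath, name))
    return classify_paths(paths)


def alert_level(report, threshold=5):
    """Coarse severity: 'clean' with no hits, 'active-encryption' when at
    least `threshold` files are encrypted and every original is gone,
    otherwise 'suspicious' (e.g. a partial or interrupted run).
    The threshold is an assumption for this example, not a documented value."""
    hits = len(report["encrypted"])
    if hits == 0:
        return "clean"
    if hits >= threshold and len(report["originals_missing"]) == hits:
        return "active-encryption"
    return "suspicious"


# Constructed sample listing (not from a real infection) showing what a
# partially completed SepSys run would look like on a user profile.
SAMPLE_LISTING = [
    r"C:\Users\alice\Music\track01.mp3.sepsys",
    r"C:\Users\alice\Music\track02.mp3.sepsys",
    r"C:\Users\alice\Pictures\holiday.jpg.sepsys",
    r"C:\Users\alice\Pictures\holiday.jpg",  # original not yet deleted
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Documents\report.docx.sepsys",
    r"C:\Users\alice\Documents\budget.xlsx.sepsys",
]

if __name__ == "__main__":
    report = classify_paths(SAMPLE_LISTING)
    print("encrypted:", len(report["encrypted"]))
    print("originals missing:", len(report["originals_missing"]))
    print("by original extension:", dict(report["by_original_ext"]))
    print("alert level:", alert_level(report))
```

Pointing `scan_directory` at a user profile or a file share gives the same report for live data; the extension counter is useful for confirming the write-up's claim that MP3s, JPGs and other media are the primary targets, and a non-empty `originals_missing` list tells you which files can only be recovered from backup.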

Ultimately, the SepSys Ransomware's payload is as mercenary and financially motivated as those of its competitors. It drops Web page ransom notes demanding one hundred USD in Bitcoin, paid to the attackers' wallet. For now, malware experts see no victims paying and recommend keeping it that way. The SepSys Ransomware's note also warns of 'over time' data loss, which the Trojan may cause by re-triggering its encryption routine. The Trojan's reading of CPU clock information may relate to this feature, although this is unverified.

Cleaning Up Sepsis without the Fee

The SepSys Ransomware's unusual origin offers few distinguishing details on how to defend files against this Trojan. Backups remain essential for all users, in business or personal settings, to keep data from being held for extortion or, in more extreme cases, lost to corruption or deletion. The SepSys Ransomware targets many of the formats most popular among users, such as MP3s, JPGs and other media.

Malware researchers encourage avoiding the infection vectors common to file-locking Trojans in 2020. Possible routes for SepSys Ransomware installation attacks include:

  • E-mail links that obfuscate their addresses or use confusing domain names that are reminiscent of authentic ones.
  • E-mail attachments, typically PDF or Word documents or spreadsheets, that host embedded exploits such as corrupted macros.
  • Torrents and other resources that are promoting illicit content, ranging from 'free' movies or music to specialized game-cracking or cheating utilities.

Administrators should also maintain discipline over software updates and monitor RDP exposure, admin privileges, and similar weak points. Anti-malware products from most brands will delete the SepSys Ransomware but can't decrypt the blocked media.

As another criminal group steps into an illicit software business model, random PC users will pay the price. Whatever comes from Silicon Venom next can only be detrimental to those who neglect their backups or security standards, as easy as it is to avoid doing so.
