SIFRELI Ransomware

Posted: November 1, 2019

The SIFRELI Ransomware is a file-locking Trojan whose campaign is targeting residents of Turkey. Besides the unusual choice of locale, the SIFRELI Ransomware is similar to other threats of its kind and uses encryption to stop your most valuable digital media from opening. Sufficiently secure backups can prevent this from becoming ransoming leverage, and most anti-malware products should remove the SIFRELI Ransomware.

Middle Eastern Trojans with Your Files Foremost in Their Thoughts

Although some areas of the world are under more substantial attack than others, such as the Philippines' routine bombardment by versions of the STOP Ransomware, file-locking Trojans are a global problem. The SIFRELI Ransomware campaign makes the point precisely by proceeding with blocking files and collecting ransoms – but only for residents of Turkey. Although its infection vectors have yet to reveal themselves, malware experts can confirm that nearly all victims are Turkish residents.

The SIFRELI Ransomware uses encryption for keeping users from opening their files and may damage such typical formats as documents, spreadsheets, compressed archives, pictures or audio recordings. Two variants of the SIFRELI Ransomware appear to be circulating, with each one appending a different extension onto these digital prisoners: either 'SIFRELI' or 'SIFRELI_DOSYA.' From Turkish, these labels translate to 'password' and 'password_file,' respectively.

The other symptom malware researchers are taking notice of is its text ransom note, which also uses Turkish. While its template doesn't fit other, well-known Turkish Trojans, like the Estemani Ransomware, the gist is the same: it offers an e-mail address for negotiating ransoms over the unlocking service or decryptor. It also has a complete list of the files that it has encrypted, which may help users with narrowing down what is and isn't openable.
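
As an added example (not part of the original article or any vendor tool), the following Python script inventories files carrying the two appended extensions named above and recovers each original file name, so the list can be matched against backups. The leading dot before the extension, case-insensitive matching and the sample directory tree are assumptions of this example.

```python
import os
import tempfile
from pathlib import Path

# Extensions named on the page; the leading dot and case-insensitive
# matching are assumptions of this example.
MARKERS = (".sifreli", ".sifreli_dosya")


def original_name(path: Path):
    """Return the pre-encryption path if `path` carries a marker, else None."""
    lower = path.name.lower()
    for marker in MARKERS:
        if lower.endswith(marker) and len(path.name) > len(marker):
            return path.with_name(path.name[: -len(marker)])
    return None


def inventory(root):
    """Walk `root` and list renamed files with their original names.

    Each entry is (encrypted_path, original_path, original_still_present).
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            enc = Path(dirpath) / name
            orig = original_name(enc)
            if orig is not None:
                hits.append((enc, orig, orig.exists()))
    return sorted(hits)


def demo():
    """Build a constructed sample tree and return its inventory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        for rel in ("docs/budget.xlsx.SIFRELI", "docs/notes.txt",
                    "photo.jpg.SIFRELI_DOSYA", "photo.jpg"):
            (root / rel).write_bytes(b"constructed sample")
        return [(e.relative_to(root).as_posix(), o.name, present)
                for e, o, present in inventory(root)]


if __name__ == "__main__":
    for enc, orig, present in demo():
        state = "clean copy present" if present else "restore from backup"
        print(f"{enc} -> {orig} [{state}]")
```

Entries whose original name is absent are the ones to restore from backup; run the inventory only after the Trojan itself has been removed.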

Stopping Middle Eastern Warfare – for Your Computer

Ultimately, the SIFRELI Ransomware's infection methodology could use any of various techniques, all of which are equally capable of keeping users outside of Turkey from being compromised. The ones malware experts note as most likely include:

  • Corrupted or hacked websites may load Exploit Kits that launch drive-by-download attacks through your browser. These exploits can have filtering options so that only users in certain regions (usually, according to their IP addresses) are affected.
  • Fake or compromised downloads may use themes that are relevant to one country or another, such as political news articles or popular movies.
  • The threat actor also could be circulating the SIFRELI Ransomware personally. Administrators for Turkish networks or websites should maintain all appropriate security practices, such as updating software and using proper password protection.

Because its encryption strength is wholly unknown, malware researchers can't promise that a free unlocking service will become available. Canny users can protect themselves with backups saved to other devices and anti-malware programs for deleting the SIFRELI Ransomware.

The SIFRELI Ransomware reminds Turkish Internet surfers that being smaller than giants like China or the United States is far from any protection from greedy criminals. Extortion and encryption are problems that know no borders, even if they may speak languages, on occasion.