Sigma Ransomware
Posted: November 10, 2017
Threat Metric
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
| Threat Level: | 1/10 |
|---|---|
| Infected PCs: | 91 |
| First Seen: | March 27, 2019 |
| Last Seen: | April 12, 2022 |
| OS(es) Affected: | Windows |
The Sigma Ransomware is a Trojan that blocks the user's files by encrypting them so that it can sell a decryption tool to its victims. Anticipated symptoms related to the Sigma Ransomware attacks include both cosmetic changes to the Windows desktop and a variety of text messages generated for assisting with the extortion. Although malware experts can't confirm the compatibility of third-party decryption software with this threat, users should try to avoid paying the ransom while also removing the Sigma Ransomware with appropriate anti-malware products.
The Greek Alphabet Turns to Ransoming Files
Another Trojan is starting a campaign of its own for turning damaged files into ransoms via the twin features of automatic encryption and simple, document-displaying attacks. Although malware experts can't verify the Sigma Ransomware as being a part of a family like Hidden Tear or the Jigsaw Ransomware, its payload isn't highly innovative and provides the symptoms anyone would expect from similar threats. Spam e-mails are, as per the norm, the infection vector responsible for delivering this Trojan to vulnerable PCs.
After the victim opens the corrupted e-mail attachment, the Sigma Ransomware installs itself so that it starts automatically with Windows and runs as a background process. The Sigma Ransomware then begins searching local directories for files that it can encrypt with an RSA algorithm, which encodes the victim's digital media and prevents it from opening. Unlike similar threats, malware experts note that the Sigma Ransomware adds a semi-random extension of four characters onto the names of these files, instead of a fixed string (such as the common '.locked' or '.encrypted').
The Sigma Ransomware gives the user several avenues for reading its ransom message, including a desktop wallpaper, a local Web page, and a text file. All these instructions show demands for the victim to visit the Sigma Ransomware's TOR website for further assistance in paying a ransom for the file-unlocking solution. One distinction that the Sigma Ransomware bears to contrast itself with competing Trojans is the customer ID it uses: instead of generating a unique number, it uses the default Windows GUID.
Taking Your Computer Back from Cybercrooks
With a well-developed website and Bitcoin payment demands of thousands of dollars, the Sigma Ransomware is particularly suited to targeting business entities. Its infection method of spam e-mails is equally appropriate for such targeted attacks against for-profit organizations, and users should anticipate the Sigma Ransomware's installers disguising themselves as secure workplace documents. Once on the PC, malware analysts have seen different versions of the Sigma Ransomware hide their executable with various labels, including ones claiming that the Trojan is the Svchost.exe Windows component and a bootable USB tool.
Because RSA-based cryptography is typically secure against third-party decoding, malware analysts advise that users with any non-disposable media keep spare copies of their work on additional backup devices as a reliable recovery solution. Paying Bitcoin ransoms to this Trojan's authors may or may not provide the victim with the ability to decode and unlock their files. However, a clear majority of anti-malware products may delete the Sigma Ransomware automatically, despite some code obfuscation and anti-sandbox measures present in this threat.
The Sigma Ransomware's campaign is a balanced but not particularly creative one that's likely to make significant profits out of relatively few targets with high-value data worth blocking. The more important your files are to you, the more necessary it is to keep hidden Trojans like the Sigma Ransomware from gaining ownership over them indirectly.
Technical Details
File System Modifications
The following files were created in the system:
%SYSTEMDRIVE%\Users\<username>\Desktop\Downloads\4.5.0_Smart_ActiveX_Errors_Fixer_Pro_Setup.exe
File name: 4.5.0_Smart_ActiveX_Errors_Fixer_Pro_Setup.exe
Size: 4.51 MB (4518384 bytes)
MD5: 6c56edb444a5b6b12703ef82dbc18ae5
Detection count: 47
File type: Executable File
Mime Type: unknown/exe
Path: %SYSTEMDRIVE%\Users\<username>\Desktop\Downloads\4.5.0_Smart_ActiveX_Errors_Fixer_Pro_Setup.exe
Group: Malware file
Last Updated: December 28, 2022
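The two indicators this page gives, the four-character extension appended to encrypted files and the installer's size and MD5, can be checked together when triaging a directory tree. The following Python is an added example, not code from the original page or from SpyHunter; the list of user-file extensions, the assumption that the appended characters are alphanumeric, and the function names are illustrative assumptions.

```python
import hashlib
import re
import sys
from pathlib import Path

# IoC from the file record above: size in bytes -> MD5 of the dropped installer.
IOCS = {4518384: "6c56edb444a5b6b12703ef82dbc18ae5"}
# Assumption: extensions of user files worth checking; extend for your environment.
USER_EXTS = {"doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "jpg", "png", "txt", "zip"}
# name.<known ext>.<four characters>; treating them as alphanumeric is an assumption.
APPENDED = re.compile(r"^.+\.([A-Za-z0-9]{2,4})\.([A-Za-z0-9]{4})$")

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def appended_extension(name):
    """Return the 4-character suffix added after a known extension, else None."""
    m = APPENDED.match(name)
    if not m:
        return None
    inner, outer = m.group(1).lower(), m.group(2).lower()
    # Skip legitimate double extensions such as notes.txt.docx.
    return outer if inner in USER_EXTS and outer not in USER_EXTS else None

def triage(root, iocs=IOCS):
    """Return (files matching an IoC, {appended extension: [renamed files]})."""
    hits, renamed = [], {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        ext = appended_extension(path.name)
        if ext:
            renamed.setdefault(ext, []).append(path)
        # Size is a cheap pre-filter: only hash files whose length matches an IoC.
        expected = iocs.get(path.stat().st_size)
        if expected and md5_of(path) == expected:
            hits.append(path)
    return hits, renamed

if __name__ == "__main__":
    found, renamed_files = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("IoC matches:", [str(p) for p in found])
    print("Appended extensions:", {e: len(fs) for e, fs in renamed_files.items()})
```

Many files sharing one unfamiliar four-character suffix is the signal worth escalating; a single match is more likely an unusual but legitimate file name.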