Sigma Ransomware Locking Infected PCs

Mel Khamlichi (http://www.osradar.com), founder of Osradar, from Amsterdam, Netherlands

There are hundreds of ransomware families running in the wild, taking over systems and demanding a ransom to unlock them. Recently, a new ransomware, Sigma, has been spreading from Russia-based IP addresses using a variety of social engineering techniques.

Sigma ransomware attacking method

These days, email scams are the most efficient and effective way of baiting victims into a trap. Sigma spreads through malicious spam emails. The message claims to come from the “United States District Court” and carries a malicious attachment.


The email plays on the mind of the target with urgent wording meant to frighten the recipient into opening the attachment. In total, 32 Russia-based IP addresses were involved, and the attacker registered a dedicated domain for the campaign.

Sigma working methods

The main spreading method is spam email. The attachment contains the ransomware dropper that infects the system.

The trick is that the email tries to earn trust by password-protecting the attachment; since the victim has to be able to open it, the password is supplied in the message itself. This leads the target to believe the attachment comes from an authentic source (the court), a nice mind game on the attacker's part. It also has a practical benefit for the attacker: an email gateway or antivirus scanner cannot inspect the contents of a password-protected document, so the lure reaches the inbox unexamined.

If macros are turned off on the victim’s machine, the document persuades the user to turn them on so the malicious VBScript can run. The script then downloads the actual Sigma ransomware payload from the C&C server and saves it in the %TEMP% folder. The downloaded executable is named svchost.exe to mimic the legitimate Windows service host process, which normally runs only from %SystemRoot%\System32 (or SysWOW64).
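As an added example (not from the original article and not from any published analysis of Sigma), the following PowerShell checks a Windows host for the masquerade described above: processes named svchost.exe whose image is not in System32 or SysWOW64, or whose Authenticode signature is not a valid Microsoft one, and recently written executables or scripts under the current user's %TEMP%. The function names, the file-extension list and the 24-hour window are my assumptions.

```powershell
# Added example, not from the original article. Hunts for the svchost.exe
# masquerade and the %TEMP% drop location described in the text.
# Assumptions: Windows PowerShell 5.1 or later; run elevated so Get-Process can
# read the image path of processes owned by SYSTEM (Path is $null otherwise).

$systemDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

# Any svchost.exe that is not in a system directory, or whose Authenticode
# signature is not a valid Microsoft one, deserves a closer look.
function Get-SuspiciousSvchost {
    Get-Process -Name svchost -ErrorAction SilentlyContinue |
        Where-Object { $_.Path } |
        ForEach-Object {
            $dir = Split-Path -Parent $_.Path
            $inSystemDir = [bool]($systemDirs | Where-Object { $dir -ieq $_ })
            $sig = Get-AuthenticodeSignature -FilePath $_.Path
            $msSigned = ($sig.Status -eq 'Valid') -and
                        ($sig.SignerCertificate.Subject -like '*Microsoft*')
            if (-not $inSystemDir -or -not $msSigned) {
                $reason = if (-not $inSystemDir) { 'outside system directory' }
                          else { 'not Microsoft-signed' }
                [pscustomobject]@{
                    Id        = $_.Id
                    Path      = $_.Path
                    StartTime = $_.StartTime
                    SigStatus = $sig.Status
                    Reason    = $reason
                }
            }
        }
}

# Executables and scripts written to %TEMP% recently; a payload saved as
# svchost.exe under %TEMP% would show up here.
function Get-RecentTempExecutables {
    param([int]$NewerThanHours = 24)   # assumption: a one-day window
    $cutoff = (Get-Date).AddHours(-$NewerThanHours)
    Get-ChildItem -Path $env:TEMP -Recurse -File `
        -Include *.exe, *.dll, *.scr, *.vbs, *.js, *.ps1 -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $cutoff } |
        Select-Object FullName, Length, LastWriteTime
}

Get-SuspiciousSvchost      | Format-Table -AutoSize
Get-RecentTempExecutables  | Format-Table -AutoSize
```

An empty result from the first function is the normal state on a clean machine; a hit with Reason "outside system directory" is the exact pattern the article describes. The %TEMP% listing will often contain legitimate installer leftovers, so treat it as a lead to triage (check the signature and the parent process), not as a verdict on its own.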

In the background, the malware downloads additional payloads from the server to extend its control over the system.

It also uses several techniques to evade detection. It terminates itself if it determines that it is running in a virtual machine or a sandbox. If there are no files to encrypt, the malware also deletes itself. If the victim's location is within Russia or Ukraine, the malware does not infect the machine either.

Otherwise, the malware contacts the C&C server, establishes a Tor connection and encrypts the files on the system.

Then you will see the ransom note demanding payment to unlock your system.

How to stay secure

If you want to stay secure, be careful not to open file attachments from unknown sources, even if the sender appears legitimate. Verify that the sender is genuine; a careful look at the sender address and the message itself is usually enough to identify a scam. Two further signals from this campaign: a real court does not send a password-protected attachment with the password in the same message, and no legitimate document needs you to enable macros in order to be read. Keep macros disabled, and where possible enforce that through policy rather than relying on each user to click the right button.
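As an added example (not from the original article), the following PowerShell enforces the macro policy just mentioned for the current user, so the "enable content" prompt the Sigma lure depends on never appears. It writes the Office policy registry keys that the matching Group Policy settings use; the application list, the Office version key 16.0 (Office 2016 and later, including Microsoft 365) and the function name are my assumptions.

```powershell
# Added example, not from the original article. Enforces an Office macro policy
# per user for Word, Excel and PowerPoint via the Policies hive, which the
# Trust Center UI cannot override.
# Assumptions: Office 2016 or later (registry version key 16.0); run as the user
# being protected. For domain-wide enforcement use the equivalent GPO settings.

$apps          = 'Word', 'Excel', 'PowerPoint'
$officeVersion = '16.0'

foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # VBAWarnings: 1 = enable all, 2 = disable with notification (the default,
    # which shows the "Enable Content" bar the lure relies on),
    # 3 = disable except digitally signed, 4 = disable all without notification.
    New-ItemProperty -Path $key -Name VBAWarnings `
        -PropertyType DWord -Value 4 -Force | Out-Null

    # Block macros outright in documents that carry the Mark-of-the-Web,
    # i.e. files downloaded from the internet or saved from email attachments.
    New-ItemProperty -Path $key -Name BlockContentExecutionFromInternet `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

# Read the effective values back so an audit script can check them.
function Get-MacroPolicy {
    foreach ($app in $apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            App               = $app
            VBAWarnings       = $p.VBAWarnings
            BlockFromInternet = $p.BlockContentExecutionFromInternet
        }
    }
}

Get-MacroPolicy | Format-Table -AutoSize
```

With VBAWarnings set to 4 a macro-bearing document simply opens with its macros stripped and no bar to click, which removes the social-engineering step entirely. If some users genuinely need macros, value 3 (signed macros only) with an internal signing certificate is the usual compromise; the internet-block setting should stay at 1 regardless.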

Recently, security researchers discovered a powerful spyware called InvisiMole. It is far more sophisticated than common spyware in many respects. Learn more about InvisiMole.
