Sigma Ransomware Locking Infected PCs

By Mel Khamlichi (http://www.osradar.com), founder of Osradar, from Amsterdam, Netherlands

There are hundreds of ransomware families active in the wild, taking over systems and demanding a ransom to unlock them. Recently, a new one, Sigma, has been spreading from Russia-based IP addresses using a variety of social engineering techniques.

Sigma ransomware attacking method

In the present day, email scams are among the most efficient and effective ways of baiting victims into a trap. Sigma spreads through malicious spam emails. The email contains a statement purporting to come from the “United States District Court” together with a malicious attachment.

The email plays on the target's mind with urgent wording that stirs fear and curiosity. A total of 32 Russia-based IP addresses were involved, and the attacker registered a dedicated domain for the campaign.

Sigma working methods

The main spreading method is spam email. The attachment contains the ransomware that infects the system.

The trick is that the email tries to earn trust by password-protecting the attachment, which leads the target to believe that it comes from an authentic source (the court): a neat mind game on the attacker's part.

If macros are turned off on the victim’s machine, the document convinces the user to turn them on so that the malicious VBScript can run. The script then downloads the actual Sigma ransomware payload from the C&C server and saves it in the “%temp%” folder. The downloaded file is named “svchost.exe” to mimic a legitimate service process.

In the background, the malware downloads further payloads from the server to gain more control over the system.
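Two of the behaviours described above leave simple process-level traces a defender can check for: a file named svchost.exe running from a user's %temp% folder instead of the system directory, and a script host (for the VBScript) spawned by an Office application. The following is an added example that is not part of the original article; it runs that check over constructed process-creation records of the kind an EDR or Sysmon export would provide (image path, parent image path), and the directory and process-name lists are assumptions, not indicators taken from the article.

```python
import ntpath

# Directories from which the genuine Windows svchost.exe is expected to run
# (lower-cased for comparison).
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Office applications and the script hosts a malicious macro typically launches.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe"}


def _split(path):
    """Return (directory, filename) of a Windows path, lower-cased."""
    path = path.strip().lower()
    return ntpath.dirname(path), ntpath.basename(path)


def is_masquerading_svchost(image_path):
    """True when a file named svchost.exe runs outside the system directories."""
    directory, name = _split(image_path)
    return name == "svchost.exe" and directory not in LEGIT_SVCHOST_DIRS


def is_office_spawned_script_host(image_path, parent_path):
    """True when an Office process launched a script host (macro -> VBScript)."""
    _, name = _split(image_path)
    _, parent = _split(parent_path)
    return name in SCRIPT_HOSTS and parent in OFFICE_APPS


def triage(events):
    """Return (image_path, reason) for every event matching either indicator."""
    alerts = []
    for image, parent in events:
        if is_masquerading_svchost(image):
            alerts.append((image, "svchost.exe outside System32"))
        elif is_office_spawned_script_host(image, parent):
            alerts.append((image, "script host spawned by Office"))
    return alerts


# Constructed sample process-creation events: (image path, parent image path).
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\services.exe"),
    (r"C:\Windows\System32\wscript.exe", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    (r"C:\Users\alice\AppData\Local\Temp\svchost.exe", r"C:\Windows\System32\wscript.exe"),
    (r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_EVENTS):
        print(f"ALERT {reason}: {path}")
```

The directory check deliberately compares the full parent directory rather than just looking for "temp" in the path, so a copy dropped anywhere outside System32 or SysWOW64 is still flagged.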

It also uses various clever techniques to evade detection. It terminates itself if it detects that it is running in a virtual machine or sandbox. If there are no files to encrypt, the malware also deletes itself. And if the victim's location is within Russia or Ukraine, the malware does not infect the system at all.

Otherwise, the malware connects to the C&C server, establishes a Tor connection, and encrypts the files on the system.

Then you'll see the ransom note demanding money to unlock your system.

How to stay secure

If you want to stay secure, be careful not to open file attachments from unknown sources, even if the source seems legitimate. Verify that the sender is genuine; a careful look at the email is often enough to identify it as spam.

Recently, security researchers discovered a highly capable spyware called InvisiMole. It is far more sophisticated than typical spyware in many respects. Learn more about InvisiMole.
