Sigma Ransomware Locking Infected PCs

Mel Khamlichi (http://www.osradar.com), Founder of Osradar, from Amsterdam, Netherlands

There are hundreds of ransomware families running in the wild, taking over systems and demanding a ransom to unlock them. Recently, a new ransomware, Sigma, has been spreading from Russia-based IP addresses along with a variety of social engineering techniques.

Sigma ransomware attacking method

These days, email scams are the most efficient and effective way of baiting victims into traps. Sigma spreads through malicious spam emails. The email contains a statement purportedly from the "United States District Court" together with a malicious attachment.

The email plays on the target's mind with urgent wording designed to provoke fear and increase the victim's curiosity. In total, 32 Russia-based IP addresses were involved, and the attacker registered a specific domain for the campaign.

Sigma working methods

The main spreading method is via spam emails. The attachment contains the ransomware that will infect your system.

The trick is that the email tries to earn trust by password-protecting the attachment. This makes the target believe the attachment comes from an authentic source (the court), a clever mind game on the attacker's part.

If macros are turned off on the victim's machine, the document convinces the user to turn them on so that the malicious VBScript can run. The script then downloads the actual Sigma ransomware payload from the C&C server and saves it in the "%temp%" folder. The downloaded file mimics "svchost.exe", a legitimate service process.
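Because the payload is dropped into the temp folder under the name of a legitimate service process, a defender can flag that mismatch in process-creation telemetry. The following Python is an added example, not code from the original article: it checks a constructed list of Sysmon-style process events for an svchost.exe that runs outside the Windows system directories or was launched by a script host. The event field names, the sample paths and the script-host parent check are assumptions of this example, not details from the page.

```python
import ntpath
from typing import Iterable, List

# Directories from which a genuine svchost.exe is started on Windows (lower-cased).
LEGIT_SVCHOST_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# Script hosts that execute VBScript; an "svchost.exe" spawned by one is suspicious.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")


def normalize(path: str) -> str:
    """Lower-case and unify separators so path comparisons are stable."""
    return path.replace("/", "\\").lower()


def is_masquerading_svchost(event: dict) -> bool:
    """True if the event's image is named svchost.exe but is either not in a
    Windows system directory or was started by a script host (wscript/cscript)."""
    directory, name = ntpath.split(normalize(event["image"]))
    if name != "svchost.exe":
        return False
    parent_name = ntpath.basename(normalize(event.get("parent_image", "")))
    outside_system_dir = directory not in LEGIT_SVCHOST_DIRS
    spawned_by_script_host = parent_name in SCRIPT_HOSTS
    return outside_system_dir or spawned_by_script_host


def find_masquerading(events: Iterable[dict]) -> List[dict]:
    """Return every event that looks like a masquerading svchost.exe."""
    return [e for e in events if is_masquerading_svchost(e)]


# Constructed sample events (hypothetical, modelled loosely on Sysmon Event ID 1 fields).
SAMPLE_EVENTS = [
    {"pid": 1, "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},          # genuine
    {"pid": 2, "image": r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
     "parent_image": r"C:\Windows\System32\wscript.exe"},           # dropped in %temp%
    {"pid": 3, "image": r"C:\Windows\SysWOW64\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},          # genuine (32-bit)
    {"pid": 4, "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe"},                   # unrelated process
    {"pid": 5, "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Windows\System32\cscript.exe"},           # right path, wrong parent
]

if __name__ == "__main__":
    for hit in find_masquerading(SAMPLE_EVENTS):
        print(f"suspicious svchost.exe: pid={hit['pid']} image={hit['image']}")
```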

In the background, the malware downloads further payloads from the server to gain more control over the system.

It also uses various clever techniques to evade detection. It terminates itself if it determines that it is running in a virtual machine or a sandbox. If there are no files to encrypt, the malware also deletes itself. And if the victim is located in Russia or Ukraine, the malware does not infect the machine either.

Otherwise, the malware connects to the C&C server, establishes a Tor connection and encrypts the files on the system.

Then you will see the ransom note demanding money to unlock your system.

How to stay secure

To stay secure, be careful not to open file attachments from unknown sources, even if the source seems legitimate. Verify that the sender is genuine; a careful look at the email is often enough to identify it as spam.

Recently, security researchers discovered a very powerful spyware called InvisiMole, which is far more sophisticated than typical spyware in many respects. Learn more about InvisiMole.
