Sequre
Ransomware | 05/29/2018

Sequre Ransomware: A Virus that can cause you to lose $1280

What is Sequre Ransomware?

Sequre Ransomware, a virus written in the C# programming language, encrypts stored data using the AES encryption algorithm. The compromised files are renamed with the prefix <sequre@tuta.io> followed by a string of hexadecimal characters.

For instance, a file named “picture.jpg” would be renamed to <sequre@tuta.io_765….>, leaving it completely unusable.

Once the data is encrypted, an HTML Application (.hta) file named “HOW DECRIPT FILES.hta” is generated, and a copy of it is placed in every infected folder as a ransom note.
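The two artifacts just described (the ransom note dropped into every touched folder and the renamed files) are what a responder looks for first. The following PowerShell script is an added triage example, not code from the original article or from the malware author: it walks a directory tree, counts ransom notes and renamed files, lists the affected folders, and records the earliest note timestamp, which is useful later for choosing a restore point that predates the infection. It assumes the note file name from the article and a file-name prefix of `sequre@tuta.io_` inferred from the article's example (the angle brackets there are taken to be the author's notation, since they are not valid in Windows file names); the `$Root` and `$Report` defaults are assumptions too.

```powershell
# Added example (not from the original article): triage scan for Sequre artifacts.
# Assumptions: ransom note file name "HOW DECRIPT FILES.hta" (from the article) and
# renamed files starting with the prefix "sequre@tuta.io_" (inferred from the
# article's "<sequre@tuta.io_765....>" example).
param(
    [string]$Root   = 'C:\Users',                     # assumed default scan root
    [string]$Report = "$env:TEMP\sequre-triage.csv"   # assumed report location
)

$NoteName   = 'HOW DECRIPT FILES.hta'
$NamePrefix = 'sequre@tuta.io_'

# Enumerate files once; -Force includes hidden files, SilentlyContinue skips
# folders the current account cannot read instead of aborting the scan.
$files = Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue

$notes     = @($files | Where-Object { $_.Name -eq $NoteName })
$encrypted = @($files | Where-Object { $_.Name -like "$NamePrefix*" })

# The note is dropped into every folder the ransomware touched, so the set of
# directories holding a note is a good first estimate of the blast radius.
$hitDirs = @($notes | Select-Object -ExpandProperty DirectoryName -Unique)

# The earliest note creation time approximates when encryption started; use it
# when picking a System Restore point that predates the infection.
$firstSeen = ($notes | Sort-Object CreationTime | Select-Object -First 1).CreationTime

[PSCustomObject]@{
    RansomNotes     = $notes.Count
    EncryptedFiles  = $encrypted.Count
    AffectedFolders = $hitDirs.Count
    FirstNoteSeen   = $firstSeen
}

# Per-file report for the incident record (path, size, timestamps).
($notes + $encrypted) |
    Select-Object FullName, Length, CreationTime, LastWriteTime |
    Export-Csv -Path $Report -NoTypeInformation -Encoding UTF8

Write-Host "Report written to $Report"
```

Save it as, for example, `Sequre-Triage.ps1` and run `.\Sequre-Triage.ps1 -Root D:\` against each volume; run it from an account that can read the user profiles, otherwise access-denied folders are silently skipped and the counts will be low.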

How does the Ransomware work?

Unlike other ransomware, Sequre encrypts its own executable code rather than just the victim's data. When Sequre runs, the full code is decrypted, compiled, and executed directly in system memory, which allows it to bypass system security software (anti-virus/anti-spyware suites, etc.).

The victims are informed about the encryption through an HTML file containing a ransom message, which states that a unique decryption key is required to restore the files. Victims are asked to pay a ransom of 0.14 Bitcoin (BTC), equivalent to $1280, for the decryption key, which is stored on a remote server. After submitting the payment, users are required to send a screenshot of the payment (via email) as proof.

As a ‘guarantee’ that decryption is possible and that the key will be delivered, victims are permitted to send a single file (up to 10 MB) after payment, which is restored and returned for an additional cost of 0.01 Bitcoin. However, users should never agree to pay in any case, because victims are often ignored once the ransom is paid.

So the best course of action is Sequre removal rather than attempting to recover the files.

How does your system become a victim of this ransomware?

The malware infiltrates the system through unsafe online behaviour, such as downloading freebies or visiting malicious sites:

  1. Contaminated spam email attachments or malicious links: spam emails are delivered with infectious attachments which, once opened, run commands that download and install the malware.
  2. Clicking on fake software update tools.
  3. Accidental clicks on suspicious third-party download sources (peer-to-peer [P2P] networks, freeware download websites, free file hosting sites and similar), which present malicious executables as legitimate.
  4. Unprotected RDP (Remote Desktop) configuration.
  5. Mounting infected external drives.

How to protect your system from this harmful virus?

  1. Never open suspicious attachments inside emails (especially if you are asked to enable a macro function) or click on links in them.
  2. Avoid visiting websites of dubious content, and do not click on suspicious ads.
  3. Download and install security software with a real-time protection feature.
  4. Maintain regular data backups and store them on a remote server or on unplugged storage devices.
  5. Use anti-virus protection: we strongly recommend the use of antivirus protection/internet security on your PC, like Vipre and 360 Total Security, so that it remains safe.
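Three of the points above (the unprotected RDP configuration listed under infection vectors, real-time protection, and macros in email attachments) can be checked on a Windows machine rather than taken on trust. The script below is an added example, not from the original article: it reads the standard Terminal Server registry values for RDP and Network Level Authentication, checks the Remote Desktop firewall rule scope, queries Microsoft Defender's real-time protection state with `Get-MpComputerStatus`, and reads Word's `VBAWarnings` macro setting. The Office version `16.0` and the Word key are assumptions; adjust them for other Office versions or applications, and note that a group-policy-managed macro setting lives under the `Policies` hive instead.

```powershell
# Added example (not from the original article): posture check for the exposure
# points the article lists. Registry paths and Get-MpComputerStatus are standard
# Windows locations/cmdlets; the Office 16.0 Word key is an assumption.
$findings = New-Object System.Collections.Generic.List[string]

# --- RDP: is it enabled, and if so is Network Level Authentication required? ---
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"
$rdpDisabled = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
$nla         = (Get-ItemProperty -Path $tcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication

if ($rdpDisabled -eq 0) {
    if ($nla -ne 1) { $findings.Add('RDP is enabled without Network Level Authentication') }
    # An enabled Remote Desktop rule scoped to "Any" remote address exposes RDP to every network.
    $openRule = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -ErrorAction SilentlyContinue |
                Get-NetFirewallAddressFilter |
                Where-Object { $_.RemoteAddress -eq 'Any' }
    if ($openRule) { $findings.Add('Remote Desktop firewall rule accepts connections from any remote address') }
}

# --- Real-time protection (Microsoft Defender) ---
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($null -eq $mp) {
    $findings.Add('Defender status unavailable; confirm another real-time AV product is active')
} elseif (-not $mp.RealTimeProtectionEnabled) {
    $findings.Add('Real-time protection is disabled')
}

# --- Office macro policy for Word (VBAWarnings: 1 = all macros run, 2 = disabled with
#     notification, 3 = disabled except digitally signed, 4 = all macros blocked) ---
$word = 'HKCU:\Software\Microsoft\Office\16.0\Word\Security'   # assumed Office version
$vba  = (Get-ItemProperty -Path $word -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
if ($vba -eq 1) { $findings.Add('Word is configured to run all macros without prompting') }

if ($findings.Count -eq 0) { 'No findings for the checks above.' } else { $findings }
```

Run it from an elevated Windows PowerShell prompt; the firewall and Defender cmdlets are only present on Windows 8/Server 2012 and later, and the macro check only covers the current user's Word setting.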

Threat Summary

  1. Name: Sequre
  2. Browsers Affected: Google Chrome, Internet Explorer, Mozilla Firefox
  3. Targeted Operating System: Windows
  4. Category: Ransomware
  5. Symptoms: User’s files are encrypted, and a ransom note demanding $1280 to decrypt the compromised data is displayed.

Steps to be followed to remove the malware from the system

Step A: Reboot your system to safe Mode with Networking

To restart the system in Safe Mode with Networking, follow the steps below:

Windows 7/ Vista/ XP

  1. Click on the Windows icon present in the lower left corner of the computer screen.
  2. Select and click Restart.
  3. When the screen goes blank, keep tapping the F8 key until you see the Advanced Boot Options window.
  4. With the help of the arrow keys on the keyboard, select the Safe Mode with Networking option from the list and press the Enter key. The system will then restart in Safe Mode with Networking.
  5. Click on the username and enter the password (if any).

Windows 10 / Windows 8

  1. Press and hold the Shift key and simultaneously click on the Windows icon present in the lower left corner of your computer screen.
  2. While the Shift key is still pressed, click on the Power button and then click on Restart.
  3. Now select Troubleshoot → Advanced options → Startup Settings.
  4. When the Startup Settings screen appears (the first screen to appear after the restart), select and click on Enable Safe Mode with Networking. The system will then restart in Safe Mode with Networking.
  5. Click on the username and enter the password.

Step B: Reboot your system to Safe Mode with Command Prompt

To restart the system in Safe Mode with Command Prompt, follow the steps below:

Windows 7/ Vista/ XP

  1. Click on the Windows icon present in the lower left corner of the computer screen.
  2. Select and click Restart.
  3. When the screen goes blank, keep tapping the F8 key until you see the Advanced Boot Options window.
  4. With the help of the arrow keys on the keyboard, select Safe Mode with Command Prompt from the list and press the Enter key. The system will then restart in Safe Mode with Command Prompt.
  5. Click on the username and enter the password (if any).

Windows 10 / Windows 8

  1. Press and hold the Shift key and simultaneously click on the Windows icon present in the lower left corner of your computer screen.
  2. While the Shift key is still pressed, click on the Power button and then click on Restart.
  3. Now select Troubleshoot → Advanced options → Startup Settings.
  4. When the Startup Settings screen appears (the first screen to appear after the restart), select and click on Enable Safe Mode with Command Prompt. The system will then restart in Safe Mode with Command Prompt.
  5. Click on the username and enter the password.

Step C: Restore the system files and settings

Restore your system files and settings

Method 1: using Control Panel

  1. Click on the ‘Start’ button on the taskbar. This will open the Start menu.
  2. Click on the ‘Control Panel’ button in the Start menu. This will open the control panel window.
  3. In the Control Panel window, click on the ‘View by:’ button on the top right and select the Large icons option.
  4. In the Control Panel window, click on the ‘Recovery’ icon. This will open a window that asks ‘Restore the computer to an earlier point in time’.
  5. Click on the ‘Open System Restore’ button. This will open the ‘System Restore’ window, where you need to click on the Next button.
  6. Select the restore point that is prior to the infiltration of Sequre. After doing that, click Next.
  7. This will open the ‘Confirm your restore point’ dialog box. Click on the Finish button. This will restore your system to a restore point taken before your system was infected by Sequre.

OR

Method 2: using Command Prompt

  1. Type cmd in the search box and click on Command Prompt to open the Command Prompt window.
  2. Once the Command Prompt window shows up, type cd restore and press Enter. (Ensure that you are in the system32 directory of the Windows folder on the C drive.)
  3. Now type rstrui and press Enter again.
  4. When a new window shows up, click Next and select the restore point that is prior to the infiltration of Sequre. After doing that, click Next.
  5. This will open the ‘Confirm your restore point’ dialog box. Click on the Finish button. This will restore your system to a restore point taken before your system was infected by Sequre.

OR

Method 3: directly type ‘rstrui’ in the search box

  1. Type ‘rstrui’ in the search box present on the taskbar. This will open the System Restore dialog box.

Continue with steps 4 and 5 of Method 2 to restore the system files and settings.
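All three methods above end at the same decision: picking a restore point that predates the infection. The script below is an added example, not part of the original article, that makes that choice explicit from an elevated Windows PowerShell prompt: it lists the available restore points with readable timestamps, selects the most recent one created before a given infection time (for instance the earliest ransom-note timestamp found during triage), and applies it only when `-Apply` is passed. `Get-ComputerRestorePoint` and `Restore-Computer` are Windows PowerShell 5.1 cmdlets and are not available in PowerShell 7; the default `$InfectionTime` value is an assumption.

```powershell
# Added example (not from the original article): choose and apply a System Restore
# point that predates the infection. Windows PowerShell 5.1 only, run elevated.
param(
    [datetime]$InfectionTime = (Get-Date).AddDays(-1),   # assumed default; pass the real value
    [switch]$Apply
)

# Get-ComputerRestorePoint returns Win32_SystemRestore objects whose CreationTime is a
# WMI/DMTF date string; convert it to [datetime] so it can be compared and sorted.
$points = @(Get-ComputerRestorePoint | ForEach-Object {
    [PSCustomObject]@{
        SequenceNumber = $_.SequenceNumber
        Description    = $_.Description
        Created        = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
    }
})

if ($points.Count -eq 0) {
    Write-Warning 'No restore points found; System Restore cannot help on this machine.'
    return
}

# Show everything that is available so the choice can be recorded.
$points | Sort-Object Created | Format-Table -AutoSize

# Take the latest point strictly before the infection time. A point taken after
# encryption began would bring the malware's system changes back with it.
$candidate = $points |
    Where-Object { $_.Created -lt $InfectionTime } |
    Sort-Object Created -Descending |
    Select-Object -First 1

if ($null -eq $candidate) {
    Write-Warning "No restore point predates $InfectionTime; use another recovery path."
    return
}

Write-Host "Selected restore point $($candidate.SequenceNumber) from $($candidate.Created): $($candidate.Description)"

if ($Apply) {
    # Restore-Computer reboots the machine; copy off anything still needed first.
    Restore-Computer -RestorePoint $candidate.SequenceNumber -Confirm
} else {
    Write-Host 'Dry run only. Re-run with -Apply to perform the restore.'
}
```

Run it first without `-Apply` to review the list, then `.\Choose-RestorePoint.ps1 -InfectionTime '2018-05-29 10:00' -Apply` with the time established during triage. Keep in mind that System Restore rolls back system files, registry and installed programs; it does not recover the encrypted user documents, which must come from backups.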
