What is Sigma Ransomware?
Sigma ransomware is a dangerous threat to the PC: once it is installed on the system, it encrypts the user's personal documents, photos, videos and other files. Sigma ransomware is distributed through malware spam that pretends to be an email response to an entry the user posted in the ‘gigs’ section of Craigslist.
The email contains a password-protected Word or RTF document, which lures the user into thinking that it is a genuine reply to their entry on Craigslist. Because the document is password protected, the user believes that the sender has gone to the trouble of securing it, and hence opens the file.
The Sigma ransomware is downloaded from a random website once this Word or RTF file is opened and its content enabled. Once the Sigma ransomware infects your system, it encrypts all your files and marks each of them with an encrypted key at the bottom of the file.
Threat Behavior
Sigma ransomware is a dangerous ransomware distributed through malware spam that poses as an email response to the user’s entry in the ‘gigs’ section of Craigslist. The malicious response carries an attached Word file that is password protected to lend credibility to the sender.
Once the user opens the Word file, it prompts the user to enable the content of the document. Once the user enables the content, the Word file launches an embedded VBA script that downloads and installs the Sigma ransomware on the system. The VBA script downloads a password-protected RAR file, which is extracted into the %TEMP% folder. It then executes the extracted svchost.exe file. This svchost.exe is the Sigma ransomware executable, which then starts encrypting your system.
Once the Sigma ransomware has encrypted the files on the system, each file carries a file marker at the bottom, which is an encrypted key. Every folder that holds infected files also contains a readme.txt or readme.html that displays the ransom note from Sigma ransomware. It also places these files on the desktop and changes the wallpaper to prompt the user to open them and read the ransom note. The ransom note instructs the user to connect to the Sigma ransomware TOR website to pay for the two-part decryption key.
The Sigma ransomware threatens that the price will be doubled unless the user pays within seven days of the infection. Generally, the hackers do not provide any decryption key and the user is scammed out of their hard-earned money. It is advised never to pay these cyber criminals, because they cannot be trusted: they have already broken the user’s trust by infecting their PC with ransomware.
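The dropped svchost.exe described above runs from %TEMP%, whereas the genuine Windows svchost.exe runs from the System32 folder, so a process of that name in any other location is worth flagging. The following is an added example, not part of the original article, that applies this check to constructed process-creation records; the field names follow Sysmon Event ID 1, and the C:\Windows install path is an assumption.

```python
import ntpath

# Assumption: Windows is installed in C:\Windows, so the genuine svchost.exe
# is expected only in these two directories.
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed process-creation records (fields modelled on Sysmon Event ID 1).
# These are sample values, not data from a real incident.
SAMPLE_EVENTS = [
    {"ProcessId": 812,  "Image": r"C:\Windows\System32\svchost.exe"},
    {"ProcessId": 4120, "Image": r"C:\Users\alice\AppData\Local\Temp\svchost.exe"},
    {"ProcessId": 2044, "Image": r"C:\WINDOWS\SysWOW64\svchost.exe"},
    {"ProcessId": 5388, "Image": r"C:\Windows\System32\..\Temp\SVCHOST.EXE"},
    {"ProcessId": 3300, "Image": r"C:\Windows\System32\notepad.exe"},
    {"ProcessId": 6012, "Image": r"D:\Tools\svchost.exe"},
]


def find_masquerading_svchost(events):
    """Return events where a process named svchost.exe runs outside LEGIT_DIRS."""
    findings = []
    for event in events:
        # normpath collapses "..\" segments; lower() because Windows paths
        # are compared case-insensitively.
        image = ntpath.normpath(event["Image"]).lower()
        directory, name = ntpath.split(image)
        if name != "svchost.exe" or directory in LEGIT_DIRS:
            continue
        findings.append({
            "pid": event["ProcessId"],
            "image": image,
            # A copy under a Temp folder matches the drop location in the article.
            "in_temp": "temp" in directory.split("\\"),
        })
    return findings


if __name__ == "__main__":
    for f in find_masquerading_svchost(SAMPLE_EVENTS):
        level = "HIGH" if f["in_temp"] else "MEDIUM"
        print(f"[{level}] pid={f['pid']} {f['image']}")
```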
Threat Summary
Name – Sigma Ransomware
Targeted Operating system – Windows XP, Windows Vista, Windows 7, Windows 8.0/8.1, Windows 10
Category – Ransomware
Symptoms – The user’s files are encrypted and contain an encrypted key. The desktop wallpaper is changed.
How to remove Sigma Ransomware from your system?
Sigma ransomware is a malicious program that is a dangerous threat to the system. It encrypts user data and demands money in return for the decryption key. It is advised that the user never pay these cyber criminals and instead follow a ransomware removal guide to remove Sigma ransomware from the system. The system should be kept updated with the latest anti-virus protection to keep it virus-free.
How did your system get infected?
The cybercriminals use various strategies for malware distribution which include –
STEP A – Restore the data encrypted by Sigma Ransomware via Windows Previous Version.
If System Restore was enabled for both system and user files, then you can recover your personal data through Windows Previous Version, provided the ransomware has not damaged the backup files. To restore your data, follow the instructions given below –
To restart the system in Safe Mode with Networking when it is already switched on, follow the steps below:
STEP B – Restart System using Safe mode with Networking
5 Click on the username and enter the password (if any).
Tips to prevent your computer system from getting infected –