Home Malware Programs Ransomware Sekhmet Ransomware

Sekhmet Ransomware

Posted: April 2, 2020

The Sekhmet Ransomware is a file-locking Trojan that can keep documents and other media on your PC from opening. Other symptoms of infections include random extensions on your files' names and a text note recommending negotiating a ransom through a TOR website.

Egyptian Warfare on a Very Different Battlefield

Mythological themes aren't strange to file-locking Trojans, as readers might know from the old attacks of the Hermes837 Ransomware, the Minotaur Ransomware, the RagnarokCry Ransomware, or the Apophis Ransomware. However, a new arrival, the Sekhmet Ransomware, shows no tangible trail back to any of these potential ancestors. While it has the hallmarks of a Ransomware-as-a-Service, malware experts estimate the Sekhmet Ransomware's being unique currently, for now.

The Sekhmet Ransomware uses the Egyptian mythology's goddess of war for its namesake, although its payload is orienting itself towards English-speakers as the victims, conventionally. As a threatening Windows program, it resembles such families as the Globe Ransomware or Hidden Tear by leveraging a two-algorithm encryption routine for blocking files like documents or pictures. The encryption choice of RSA and ChaCha (a relative of the Salsa20 cipher family) is, however, notably untraditional.

Along with blocking these files, the Sekhmet Ransomware implements another, archetypal feature in a strange way: by adding pseudo-random extensions onto every captive file. The randomization is per file, rather than per PC, and malware experts are observing length variances from four to six characters. Such a choice is odd, considering that it counters the intention of helping victims survey the extent of the damage to their digital media quickly.

Soothing the Savage Beast that's in Your Computer

The lion-headed goddess from whence the Sekhmet Ransomware gets its theme informs its ransoming strategy to almost no extent. It uses the conventional setup of anonymous, TOR websites for taking payments, and offers a 'chat room' style interface for the negotiations with the victims. Although there's no information on current prices for the Sekhmet Ransomware decryptors, users should remain wary of paying in non-refundable methods, particularly, for a possibly buggy or fictitious service.

Users should save backups onto other devices at all times for recovery from file-locking Trojans. Less likely but possible recovery options also include advanced Shadow Volume Copies-based restoration tools and assistance from security researchers with cryptographic education. On average, unlocking files is possible in one out of every ten attacks, for 'professional' Trojans like the Sekhmet Ransomware, which are business enterprises effectively.

Anti-malware products also form an effective defensive option for nearly all PC owners, including Windows users who are at risk from this campaign.

Several versions of the Sekhmet Ransomware are pretending that they're DLL files. While these dynamic-link library files are crucial for many programs, the false extension doesn't guard the Trojan against deletion by any proper anti-malware service – just like the Trojan can't extend its reach across protected and detachable devices.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Sekhmet Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

* See Free Trial offer below. EULA and Privacy/Cookie Policy.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Loading...
Spywareremove.com uses cookies to provide you with a better browsing experience and analyze how users navigate and utilize the Site. By using this Site or clicking on "OK", you consent to the use of cookies. Learn more.