
Sepsis Ransomware

Posted: January 30, 2018

The Sepsis Ransomware is a file-locking Trojan that prevents you from opening pictures, text documents, and other media by encrypting them. The damage from these attacks may or may not be reversible with free tools, and malware experts recommend keeping a secure backup as insurance against this threat. Removing the Trojan involves reverting changes it makes to Windows components such as the Registry, and most users should have anti-malware programs delete the Sepsis Ransomware automatically.

Files Turning Septic with Help from Trojans

As competitive as the Ransomware-as-a-Service field is, older, reliable tools like the Crysis Ransomware family retain some level of success, thanks to frequent updates, general ease of use, and aggressive pricing models. New releases like the Sepsis Ransomware pose the same external risks to victims as earlier versions, namely automatic encryption and no certainty that a decryptor will ever be available, but they can include internal changes that improve their chances of evading security software or eliminating backups that could neutralize their payloads.

The Sepsis Ransomware is one of many apparent branches of the Crysis Ransomware business, which includes substantive forks like the Dharma Ransomware but always features a non-consensual encryption attack and a ransom note (usually an advanced HTML or HTA page). This release uses a hard-coded mutex name, rather than a dynamically generated one, to keep multiple copies of itself from running, and it writes a value to the Windows Registry during its installation. The Sepsis Ransomware also disguises its main executable as a native part of Windows ('svchost.exe'), which could let it keep a process in memory without arousing suspicion. A fixed mutex name cuts both ways, though: it also gives defenders a stable indicator to look for on a running system.
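The svchost.exe disguise described above is easy to spot once you compare a process's image path and parent against how Windows actually launches its Service Host. The following is an added example (not code from the original article or from the malware's authors) that runs that comparison over a constructed process list; the pids, paths and parent names are hypothetical, and the baseline of "lives in System32 or SysWOW64, started by services.exe" is the commonly cited one, to be tuned against your own telemetry.

```python
"""Added example: flag processes that present themselves as svchost.exe but do not
match how the genuine Windows Service Host is launched. Process records below are
constructed for the example, not real telemetry."""
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str    # image name as reported by the process list
    path: str    # full image path on disk
    parent: str  # image name of the parent process


# Baseline for the genuine svchost.exe: it lives in System32 (or SysWOW64 for the
# 32-bit copy) and is started by services.exe. Treat this as a starting point and tune
# LEGIT_PARENTS if your own telemetry shows other legitimate launchers.
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
LEGIT_PARENTS = {"services.exe"}


def check_svchost(proc: Proc) -> list:
    """Return the reasons a process named svchost.exe looks suspicious (empty = normal)."""
    if proc.name.lower() != "svchost.exe":
        return []  # only svchost look-alikes are in scope for this check
    reasons = []
    image = PureWindowsPath(proc.path)
    if image.name.lower() != "svchost.exe":
        reasons.append(f"on-disk image {image.name!r} differs from reported name")
    if str(image.parent).lower() not in LEGIT_DIRS:
        reasons.append(f"unexpected image directory {str(image.parent)!r}")
    if proc.parent.lower() not in LEGIT_PARENTS:
        reasons.append(f"unexpected parent process {proc.parent!r}")
    return reasons


def find_suspicious(procs) -> dict:
    """Map pid -> reasons for every process that fails the check."""
    return {p.pid: r for p in procs if (r := check_svchost(p))}


# Constructed sample process list (hypothetical pids, paths and parents).
SAMPLE_PROCS = [
    Proc(700, "svchost.exe", r"C:\Windows\System32\svchost.exe", "services.exe"),
    Proc(1180, "svchost.exe", r"C:\Windows\SysWOW64\svchost.exe", "services.exe"),
    Proc(2300, "explorer.exe", r"C:\Windows\explorer.exe", "userinit.exe"),
    # Dropped copy living in a user profile and launched from the shell: two failures.
    Proc(4120, "svchost.exe", r"C:\Users\alice\AppData\Roaming\svchost.exe", "explorer.exe"),
    # Correct path, but started from a command prompt rather than services.exe.
    Proc(8812, "svchost.exe", r"C:\Windows\System32\svchost.exe", "cmd.exe"),
    # Right name and parent, wrong directory.
    Proc(5004, "svchost.exe", r"C:\Windows\svchost.exe", "services.exe"),
]

if __name__ == "__main__":
    for pid, reasons in find_suspicious(SAMPLE_PROCS).items():
        print(pid, "; ".join(reasons))
```

In practice the records would come from Sysmon process-creation events or an EDR's process inventory (anything that reports image path and parent image). Note what the check does not cover: a genuine svchost.exe launched correctly by services.exe but hosting a malicious service DLL passes every test here, so pair this with a review of the service entries it loads.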

After that, the Sepsis Ransomware searches the user's drives for file formats worth locking and encrypts them with the Rijndael (AES) algorithm. Microsoft Office documents, text files, images, archives, audio, and databases are particularly high-risk targets of these data-encrypting attacks. Malware experts are finding only cosmetic changes in the pop-up that the Sepsis Ransomware creates afterward, which gives the victim an e-mail address and asks for an unspecified amount of Bitcoin in exchange for the threat actor's file-unlocking help. As usual for the Crysis Ransomware family, the Sepsis Ransomware sets an informal deadline and offers a 'free sample' decryption of up to five files.

Treating a Bitcoin-Making File Infection before It Spreads

Widely-anticipated infection methods for most file-locker Trojans include downloads arriving through spam e-mails, along with RDP exploits and brute-force attacks against business or government servers with weak logins. Some PC users also could compromise their systems by downloading content from unsafe sources, such as torrents, or by loading a corrupted website without additional protection (such as disabling JavaScript). Some versions of the Crysis Ransomware are vulnerable to the decryption tools of the cyber-security community, but this doesn't hold for all variants, particularly recent releases like the Sepsis Ransomware (May) or the Arrow Ransomware (March).
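RDP brute-forcing, the entry route mentioned above, leaves a very recognizable trail in the Windows Security log: a burst of failed logons (event ID 4625) from one source address, often followed by a success (4624). The following is an added example, not part of the original article, that runs that detection over a constructed set of logon records shaped like those events. The field names, thresholds and addresses are assumptions chosen for the example; in a real deployment the records would be pulled from the Security log or a SIEM.

```python
"""Added example: detect RDP password-guessing from Windows logon events.
The events below are constructed to resemble Security log IDs 4625/4624 and are
not real log data."""
from collections import defaultdict
from datetime import datetime, timedelta

# 10 = RemoteInteractive (RDP). With Network Level Authentication enabled, a failed
# RDP attempt is rejected before the session exists and is logged as logon type 3.
RDP_LOGON_TYPES = {10, 3}


def _ev(time, event_id, logon_type, user, src_ip):
    """Build one constructed event record (hypothetical field names)."""
    return {"time": time, "event_id": event_id, "logon_type": logon_type,
            "user": user, "src_ip": src_ip}


def failed_logons_by_source(events):
    """Group timestamps of failed remote logons by source address, sorted."""
    by_ip = defaultdict(list)
    for e in events:
        if e["event_id"] == 4625 and e["logon_type"] in RDP_LOGON_TYPES:
            by_ip[e["src_ip"]].append(datetime.fromisoformat(e["time"]))
    return {ip: sorted(ts) for ip, ts in by_ip.items()}


def brute_force_sources(events, window=timedelta(minutes=5), threshold=5):
    """Return {src_ip: peak failures} for sources with >= threshold failed remote
    logons inside any sliding window of the given length."""
    hits = {}
    for ip, times in failed_logons_by_source(events).items():
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hits[ip] = peak
    return hits


def successes_after_burst(events, **kw):
    """(src_ip, user) pairs that logged on remotely from a source that was brute-forcing:
    the signal that a guessed password actually worked."""
    bursting = brute_force_sources(events, **kw)
    return sorted({(e["src_ip"], e["user"]) for e in events
                   if e["event_id"] == 4624 and e["logon_type"] in RDP_LOGON_TYPES
                   and e["src_ip"] in bursting})


# Constructed sample: an attacker cycling account names every 8 seconds and then
# succeeding, a legitimate user mistyping twice, and console failures that are out of scope.
SAMPLE_EVENTS = (
    [_ev(f"2018-01-30T02:00:{s:02d}", 4625, 10, u, "203.0.113.45")
     for s, u in zip(range(1, 60, 8), ["administrator", "admin", "backup", "administrator",
                                       "sql", "admin", "backup", "test"])]
    + [_ev("2018-01-30T02:03:12", 4624, 10, "backup", "203.0.113.45")]
    + [_ev("2018-01-30T08:15:00", 4625, 10, "alice", "198.51.100.7"),
       _ev("2018-01-30T08:15:40", 4625, 10, "alice", "198.51.100.7"),
       _ev("2018-01-30T08:16:10", 4624, 10, "alice", "198.51.100.7")]
    + [_ev(f"2018-01-30T09:00:{s:02d}", 4625, 2, "bob", "127.0.0.1") for s in range(0, 60, 10)]
)

if __name__ == "__main__":
    print("brute-force sources:", brute_force_sources(SAMPLE_EVENTS))
    print("successful logons after a burst:", successes_after_burst(SAMPLE_EVENTS))
```

The sliding window matters: counting failures per day would also flag the user who forgot a password, while a short window with a modest threshold isolates the machine-speed guessing. The second function is the one worth paging on, since a success from a bursting source means the account should be treated as compromised and the host checked for a follow-on payload such as the Trojan described here.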

Backing up your files to safe storage always gives you an alternative to paying ransoms for decryptors that may not work or may not exist. Windows does keep Shadow Volume Copies that, in some circumstances, can recover your media, but malware experts recommend not relying on that frequently-attacked feature as your data restoration solution, since file-locking Trojans routinely delete those copies before encrypting. Over half of all notable brands of anti-malware programs are detecting and removing the Sepsis Ransomware automatically and should disinfect your PC during a standard scan.

Since the Sepsis Ransomware's admins are keeping their ransom figures to themselves, the price of unlocking your files may be anywhere from tens to thousands of dollars. Instead of transferring Bitcoin to a black-market file-recovery service, all users should maintain traditional ways of backing up their files and protecting their computers from infections like those running rampant thanks to the RaaS industry.
