Home Malware Programs Ransomware Sphinx Ransomware

Sphinx Ransomware

Posted: November 15, 2019

Cybercriminals often do a sloppy job when it comes to creating a working payment page, and this may end up being a major problem for victims who want to pay in exchange for a decryption tool. This is exactly what the threat actors behind the newly spotted Sphinx Ransomware has done – their ransom note tells victims to visit a TOR-based payment portal for further instructions but trying to open the website results in error. This means that victims of the Sphinx Ransomware will not be able to pay the ransom fee even if they were willing to co-operate with the attacker.

Even if the Sphinx Ransomware payment page was functional, we assure you that sending money to the anonymous cybercriminals responsible for this project would be a bad idea – they offer no proof that their decryption tool works, and you will have no guarantee that they will recover your files once the payment has been made.

Av Bugged Payment Page Limits File Recovery Options

Threats like the Sphinx Ransomware may be often spread via pirated software and media, fake downloads, phishing emails, and other tricks that cybercriminals use to distribute their harmful tools frequently. If the Sphinx Ransomware ends up being run on an unprotected computer, it may execute a devastating file-encryption attack whose ultimate goal is to render the victims important files useless immediately. The malware will encrypt documents, images, archives, databases, and many other file formats that may contain valuable data. The Sphinx Ransomware also is configured to avoid encrypting files that may disrupt the victim operating system or software – it will not damage EXEs, DLLs, and similar file types.

Whenever the Sphinx Ransomware encrypts a file successfully, it will delete the original copy, and then append the '.sphinx' extension to the name of the encrypted file. The ransom note is delivered during the last stage of the attack, and it is usually found on the desktop under the name 'HOW TO DECRYPT FILES.txt.' The note does not list the attackers’ email, nor does it mention the ransom fee – it only tells victims to download the TOR browser load the payment page's URL in there.

If you are a victim of the Sphinx Ransomware, then we advise you to look for a legitimate solution that does not involve paying money to the criminals that took your files as hostages.

Related Posts

Loading...