SOREBRECT Ransomware

What is SOREBRECT Ransomware?

SOREBRECT Ransomware is a new and unique ransomware-type computer infection that can infect your computer secretly and encrypt your files with the AES-256 encryption algorithm. Removing it is crucial, but it may already be too late, because this program is set to encrypt your files right after the infection. Its creators want you to pay money for a decryption tool to recover your files. However, you should know that you may not receive the promised decryptor after you pay. This ransomware is bad news and is one of the most malicious programs currently out there. If you want to find out more about it, please continue reading.

What does SOREBRECT Ransomware do?

SOREBRECT Ransomware is a malicious and highly dangerous computer infection that was designed to encrypt many of the files stored on your PC in an attempt to extract money from you. Our malware analysts say that this ransomware has been configured to use a unique AES-256 encryption key in ECB mode to encrypt your files. This ransomware generates a random encryption key that is also encrypted with an RSA-2048 key. The private decryption key is probably sent to a server, and you need to pay the ransom to get it. The sum of money required of you is not specified. You need to contact the malware creators via one of three provided email addresses: 0xc030@protonmail.ch, 0xc030@tuta.io, and aes-ni@scryptmail.com. You can also contact them via BitMsg if you do not receive an email reply within 48 hours.

Researchers say that this new ransomware can encrypt many of your personal files such as your documents, photos, videos, and audio files. This ransomware was configured to append an ".aes_ni_0day" file extension to each encrypted file, which signifies that the file was encrypted. However, it is set to skip several file types, including .exe, .dll, .lnk, and .sys. After the encryption is complete, SOREBRECT Ransomware will drop a ransom note file named "!!! READ THIS - IMPORTANT !!!.txt" in each directory with encrypted files.
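As an added example (not part of the original article and not code from any vendor tool), this Python script uses the two file-system indicators named above, the appended ".aes_ni_0day" extension and the ransom note file name, to report which directories under a given root were affected. The function names are hypothetical, and the script assumes the original file name is whatever precedes the appended extension.

```python
import os
from collections import defaultdict

# Indicators taken from the article text above.
ENCRYPTED_EXT = ".aes_ni_0day"
RANSOM_NOTE = "!!! READ THIS - IMPORTANT !!!.txt"


def scan_tree(root):
    """Walk `root` and return ({directory: {"encrypted": [...], "note": bool}}, errors)
    for every directory that contains at least one indicator."""
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    errors = []
    # onerror collects unreadable directories instead of silently skipping them.
    for dirpath, _dirs, files in os.walk(root, onerror=errors.append):
        for name in files:
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered == RANSOM_NOTE.lower():
                hits[dirpath]["note"] = True
            elif lowered.endswith(ENCRYPTED_EXT):
                # Assumption: the extension is appended, so the prefix is the original name.
                hits[dirpath]["encrypted"].append(name[: -len(ENCRYPTED_EXT)])
    return dict(hits), errors


def summarize(hits):
    """Return (affected_dirs, total_encrypted, dirs_with_note_but_no_encrypted_files)."""
    total = sum(len(v["encrypted"]) for v in hits.values())
    note_only = sorted(d for d, v in hits.items() if v["note"] and not v["encrypted"])
    return len(hits), total, note_only


if __name__ == "__main__":
    import sys

    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found, unreadable = scan_tree(root)
    dirs, total, note_only = summarize(found)
    print(f"{dirs} affected directories, {total} encrypted files under {root}")
    for d, v in sorted(found.items()):
        print(f"  {d}: {len(v['encrypted'])} encrypted, note={'yes' if v['note'] else 'no'}")
    for d in note_only:
        print(f"  note without encrypted files (check manually): {d}")
    for err in unreadable:
        print(f"  unreadable: {err}")
```

Run it against a file share or a mounted disk image rather than the live system where possible, and compare the recovered original names against backups to scope what needs restoring.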

Researchers say that this ransomware is unique in the way it infects your PC. SOREBRECT Ransomware can inject malicious code into a legitimate system process named “svchost.exe.” It deletes the system’s event logs using “wevtutil.exe” and shadow copies with “vssadmin.” What is also unique about this program is that it was created to target computers of companies that operate in manufacturing, technologies, telecommunications, and so on.

Where does SOREBRECT Ransomware come from?

Our cyber security experts say that SOREBRECT Ransomware compromises administrator credentials using a brute force attack. It can be distributed via Remote Desktop Protocol (RDP) and PsExec to infect your PC. Researchers say that PsExec is much simpler to use compared to RDP. Because SOREBRECT Ransomware is fileless and injects its code into “svchost.exe,” PsExec can take advantage of its fileless and code injection abilities.

Researchers say that this ransomware was initially distributed in Middle-Eastern countries such as Kuwait and Lebanon. However, many cyber security experts have since reported that this ransomware is now being distributed globally. Of particular note is that it is now distributed in Canada, Mexico, Japan, Taiwan, Russia, China, Croatia, and Italy. However, regardless of this list, you should make sure that your company’s PC is secure and can withstand a cyber attack by SOREBRECT Ransomware.

How do I remove SOREBRECT Ransomware?

As you can see, SOREBRECT Ransomware is a malicious piece of programming that can enter your computer by stealth and encrypt your files. Since it specifically targets the computers of companies, it can cause major problems for your business. Therefore, you ought to remove it as soon as you can. Do not trust cyber crooks to send you the decryption key, as all they care about is money. We recommend using SpyHunter’s free scanning feature to detect this ransomware, then going to its location and deleting it.

Removal Guide

  1. Go to your web browser.
  2. Visit http://www.anti-spyware-101.com/download-sph
  3. Download SpyHunter-Installer.exe and run it.
  4. Launch the program and click Scan Computer Now!
  5. Save the file path(s) of the malicious file(s) from the scan results.
  6. Press Windows+E keys.
  7. Enter the file path(s) in File Explorer’s address box and hit Enter.
  8. Find and right-click the malicious file(s) and then click Delete.
  9. Empty the Recycle Bin.