SEKHMET ransomware demands money for data decryption tool
Contents
SEKHMET ransomware is a computer virus that encrypts files and demands paying a ransom in exchange for data decryption tool. Variants of the ransomware are known to append various file extensions, including .HrUSsw, .WNgh, .NdWfEr and others to affected files. After successful attack on target’s computer, the ransomware creates and leaves a message from the criminals in the so-called ransom note RECOVER-FILES.txt. These ransom notes are placed into every folder containing corrupted data.
The ransom note left in the RECOVER-FILES.txt file says that the victim’s company network has been hacked into and now confidential and private data has been stolen. The note suggests the victim to contact the criminals within 3 days, otherwise the collected data will be published online.
The note explains that all files on the system were altered using a combination of RSA-2048 and ChaCha encryption algorithms. In order to decrypt files (turn them back to original state), a decryption key must be used. Unfortunately, only the criminals have this key, and it is impossible to get it in any other way.
The SEKHMET ransomware suggests that paying the ransom will ensure that data won’t appear online and get back to its initial state instantly. The criminals explain how to download Tor browser and visit the specified website to pay the ransom in cryptocurrency.
The ransomware was dubbed after the alternative website name provided in the ransom note – hxxps://sekhmet.top/uniquecode.
If your files have been affected by this malicious crypto-virus, we recommend you to remove SEKHMET ransomware as soon as possible. We typically recommend doing so with a powerful anti-malware tool. In this case, we recommend using System Mechanic Ultimate Defense.
Threat Summary
Name | SEKHMET ransomware virus |
Type | Ransomware |
File marker | .HrUSsw, .WNgh, .NdWfEr |
Ransom note | RECOVER-FILES.txt |
Ransom price | Negotiable |
Signs of infection | Impossible to open files which have new extensions now. Each folder with encrypted files has RECOVER-FILES.txt note in it. The note demands paying the ransom or all data will be leaked online. The ransom payment website is called SEKHMET, which is where the virus’ name originates from. |
Decryption tools | Not available |
Distribution | Spreads via malicious emails, downloads, infected websites |
Removal | Remove using System Mechanic Ultimate Defense while in Safe Mode or use manual removal guide below |
The ransom payment website
SEKHMET ransomware points to a payment website which has such pages – CHAT, BUY BITCOINS, and TRIAL DECRYPT. The chat page includes a chat box to contact the criminals and get a response; the buy Bitcoins page points to various websites selling the specified cryptocurrency. The Trial Decryption page suggests decrypting a file for free.
What is also interesting about this ransomware is that it states that the victim can negotiate the ransom price. It means that the criminals are willing to discuss the price the victim may be able to afford. However, we still do not recommend paying it. Please be patient – the cybercriminals might find a way to restore files for free after finding a flaw in the virus’ encryption routine.
Common ransomware distribution vectors used
SEKHMET ransomware is essentially similar to viruses from the same category – PHOBOS, NEMTY, MADO, OPQZ and others. Such malware is mostly distributed using the following techniques:
- Malicious spam emails. These deceptive emails typically contain a link or an attachment (PDF, Microsoft Word, IQY format file, etc.) which contains a ransomware payload. Clicking on such attached links/files can be fatal for your personal files.
- Illegal files available to download online. Ransomware viruses are often hidden or obfuscated as illegal paid software activation tools like KMSPico or software cracks/keygens. Downloading such files (typically via peer-to-peer file sharing agents) often results in serious damage to victim’s privacy.
To learn more about ways to protect yourself again ransomware attacks, please read this tutorial.
Easy way to remove SEKHMET ransomware from your PC
Remove SEKHMET ransomware virus and protect your PC from further damage as soon as you can. We strongly recommend using an automatic tool instead of manual removal as it ensures collecting and eliminating malware remains hidden in deepest computer system locations.
SEKHMET virus removal is explained below. Follow the steps attentively to secure your PC and clean it from dangerous remains now.
OUR GEEKS RECOMMEND
Our team recommends removing malware using a professional antivirus software.
REMOVE THREATS WITH ROBUST ANTIVIRUS
Get INTEGO ANTIVIRUS for Windows to remove ransomware, Trojans, adware and other spyware and malware variants and protect your PC and network drives 24/7. This VB100-certified security software uses state-of-art technology to provide protection against ransomware, Zero-Day attacks and advanced threats, Intego Web Shield blocks dangerous websites, phishing attacks, malicious downloads and installation of potentially unwanted programs.
Use INTEGO Antivirus to remove detected threats from your computer.
GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more.
SEKHMET ransomware Removal Guidelines
Method 1. Enter Safe Mode with Networking
Step 1. Start Windows in Safe Mode with Networking
Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot PC in the said mode, but you can find additional ones in this in-depth tutorial on our website – How to Start Windows in Safe Mode. Also, see a video tutorial on how to do it:
Instructions for Windows XP/Vista/7 users
- First of all, turn off your PC. Then press the Power button to start it again and instantly start pressing F8 button on your keyboard repeatedly in 1-second intervals. This launches the Advanced Boot Options menu.
- Use arrow keys on the keyboard to navigate down to Safe Mode with Networking option and press Enter.
Instructions for Windows 8/8.1/10 users
- Open Windows Start menu, then press down the Power button. On your keyboard, press down and hold the Shift key, and then select Restart option.
- This will take you to Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
- In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Networking. In this case, it is the F5 key.
Step 2. Remove files associated with the virus
Now, you can search for and remove SEKHMET ransomware files. It is very hard to identify files and registry keys that belong to the ransomware virus, Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall such type of a computer virus is to use a reliable malware removal program. In addition, we suggest trying a combination of INTEGO Antivirus (removes malware and protects your PC in real-time) and RESTORO (repairs virus damage to Windows OS files).
Method 2. Use System Restore
In order to use System Restore, you must have a system restore point, created either manually or automatically.
Step 1. Boot Windows in Safe Mode with Command Prompt
Instructions for Windows XP/Vista/7 users
- Shut down your PC. Start it again by pressing the Power button and instantly start pressing F8 button on your keyboard repeatedly in 1-second intervals. You will see Advanced Boot Options menu.
- Using arrow keys on the keyboard, navigate down to Safe Mode with Command Prompt option and press Enter.
Instructions for Windows 8/8.1/10 users
- Launch Windows Start menu, then click the Power button. On your keyboard, press down and hold the Shift key, and then choose Restart option with the mouse cursor.
- This will take you to Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
- In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Command Prompt. In this case, press F6 key.
Step 2. Start System Restore process
- Wait until system loads and command prompt shows up.
- Type cd restore and press Enter, then type rstrui.exe and press Enter. Or you can just type %systemroot%system32restorerstrui.exe in command prompt and hit Enter.
- This launches System Restore window. Click Next and then choose a System Restore point created in the past. Choose one that was created before ransomware infection.
- Click Yes to begin the system restoration process.
After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won't be any malware remains, but it never hurts to double-check. In addition, we highly recommend checking ransomware prevention guidelines provided by our experts in order to protect your PC against similar viruses in the future.
Alternative software recommendations
Malwarebytes Anti-Malware
Removing spyware and malware is one step towards cybersecurity. To protect yourself against ever-evolving threats, we strongly recommend purchasing a Premium version of Malwarebytes Anti-Malware, which provides security based on artificial intelligence and machine learning. Includes ransomware protection. See pricing options and protect yourself now.
System Mechanic Ultimate Defense
If you're looking for an all-in-one system maintenance suite that has 7 core components providing powerful real-time protection, on-demand malware removal, system optimization, data recovery, password manager, online privacy protection and secure driver wiping technology. Therefore, due to its wide-range of capabilities, System Mechanic Ultimate Defense deserves Geek's Advice approval. Get it now for 50% off. You may also be interested in its full review.
Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.
Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.
Leave a Reply