Sigrun Ransomware

What is Sigrun Ransomware?

Sigrun Ransomware is a malicious file-encrypting program that can ruin all private files available on the device. It leaves alone only the data belonging to the computer’s operating system or other software and all executable files no matter in which folder they are. Such files should not be marked with the malware’s extension (.sigrun) as it should be used to mark enciphered files only. What’s more, after the encryption process is over, the malicious program may display a ransom note. According to our researchers at Anti-spyware-101.com, it should claim the victim has to email the hackers if he wants to get his files back. Knowing this would most likely lead to them asking you to pay a ransom we do not recommend contacting Sigrun Ransomware’s developers. Not only the sum could be significant, but also there is a chance you might be tricked. Therefore, if you do not want to take any chances, it would be best to concentrate on the threat’s removal. As always to help you with this task we prepared detailed deletion instructions located a bit below this text.

Where does Sigrun Ransomware come from?

There are a few ways users may come across this malicious program. For example, Sigrun Ransomware might be spread via Spam emails in which case the computer should get infected after the user opens the harmful file attached to the email. Moreover, the threat might be bundled with software distributed on untrustworthy file-sharing web pages or its installers alone could be spread through malicious advertisements, fake updates, harmful websites, etc. One way or the other, it is important to realize one should be extra cautious with any data received with Spam emails, advertised on suspicious pop-ups, or downloaded from doubtful web pages. The safest choice would be to keep away from such content, but if you do not think you can do so all the time, we recommend at least scanning data coming from unreliable sources with a legitimate antimalware tool. By doing so, users could find out if the file is malicious or not without endangering the computer.

How does Sigrun Ransomware work?

The main malware’s task is to take user’s private data as a hostage, so soon after Sigrun Ransomware settles in it should begin enciphering all important files. To be more precise, our researchers say the threat should encrypt all data except executable files and the data placed on %WINDIR%, %PROGRAMFILES%, %PROGRAMFILES(x86)%, or %ALLUSERSPROFILE%. As we explained earlier, all damaged files are supposed to be marked with the .sigrun extension.

The interesting part is the malware does not start the encryption process if the victim is using Russian keyboard. We suspect it is merely because the malicious program’s developers could be from Russian and may not wish to harm devices of their countrymen. However, if you are not from the mentioned country, you should eventually notice not only the changes to your files but also copies in every directory of two files named RESTORE-SIGRUN.txt and RESTORE-SIGRUN.html. If you launch them, you should see a message form Sigrun Ransomware’s creators; saying: “In order to restore it you need to contact with us via e-mail. sigrun_decryptor@protonmail.ch.”

As explained earlier the hackers would probably ask you to transfer a ransom, and it is entirely possible they could later ask for even more money or trick you in any other way. Thus, we recommend not to take any risks and simply remove the malware.

How to eliminate Sigrun Ransomware?

More experienced users could get rid of the malicious program manually. The task might not be easy, but if you complete it while following our prepared removal instructions, you might manage. In case it appears to be too complicated; we would recommend using a legitimate antimalware tool instead. With its help users could erase Sigrun Ransomware with a single mouse click; all there is to do is set the tool scan the system and wait till it provides a deletion button.

Erase Sigrun Ransomware

1. Press Ctrl+Alt+Delete.
2. Select Task Manager.
3. Search for the malware’s process.
4. Select this process and click End Task.
5. Leave Task Manager.
6. Tap Windows key+E.
7. Navigate to the following paths:
   %TEMP%
   %USERPROFILE%\desktop
   %USERPROFILE%\downloads
8. Find the file that infected the device.
9. Right-click the malicious file and press Delete.
10. Find all files titled RESTORE-SIGRUN.html and RESTORE-SIGRUN.txt.
11. Right-click the ransom notes separately and choose Delete.
12. Close File Explorer.
13. Empty your Recycle bin.
14. Restart the system. Download Removal Tool100% FREE spyware scan and
    tested removal of Sigrun Ransomware*