Sekhmet ransomware has been increasing the number of its attacks around the world, the group has similarities to the ransomware controlled by the Maze barracks. But even though there are similarities, it is not part of the barracks.
Sekhmet like the vast majority of ransomware groups uses RaaS (Ransomware a as Service) tactics and double extortion.
These two tactics are extremely dangerous and aggressive, RaaS exponentially increases the capacity of attack numbers and scope of these attacks. The double extortion tactic, on the other hand, relies on blocking the company’s system by encryption and extracting sensitive files for the company to use for blackmail.
The Sekhmet ransomware maintains a site for leaking files on the Dark Web, it is worth remembering that companies are fined if their customers’ sensitive data is leaked.
The main tactic implemented by Sekhmet to break into systems are spam email campaigns, these emails carry files that contain ransomware that when downloaded evades the defences of the system and closes them, and also closes any program that could prevent the complete encryption of the files.
After encryption the system is locked and a document named “RECOVER-FILES.txt” is left behind. This document leaves instructions on how the victim can proceed to recover their files.
The group provides decryption of at least three files to demonstrate that they have the real decryption key, and they say that after the ransom is paid they will send a report to the victim demonstrating how the break-in was done.
The only thing to do after having your files encrypted by ransomware, is to take counter measures that will lessen the financial damage to the company. And, there is no guarantee that in fact the group will release the decryption key after payment.
In this scenario, the best option to do is to recover the encrypted data with a specialized company, which will not require a decryption key.
Few companies are able to do this recovery, among these companies is Digital Recovery. With over 20 years of experience we have the necessary expertise to make the recovery with total security.
All our processes are backed by the General Data Protection Regulation (GDPR) and the confidentiality agreement (NDA).
We can recover virtually any storage device, whether HDDs, SSDs, Databases, RAID systems, Storages (NAS, DAS, SAN), Virtual Machines and others.
Count on Digital Recovery to recover your encrypted files.