Seon ransomware ver 0.2 is a file locking malware that asks $1,500 in Bitcoin in exchange for the decryptor

Seon ransomware 0.2 is the newest variant of Seon virus and was first spotted in late March by security researcher JAMESWT. Once inside the system, it heavily modifies the Windows operating system and then performs the encryption procedure. It encodes files using AES cipher and appends the same extension as its previous versions – .FIXT. After that, Seon ransomware ver 0.2 contacts a Command and Control server in order to provide users with a ransom note which comes in two forms – a pop-up window called SEON Ransomware ver. 0.2 and a text document YOUR_FILES_ARE_ENCRYPTED.TXT. Hackers actively prompt victims contacting them via seonunlock@protonmail.com or seonunlock@naver.com and paying $1,500 in BTC for file decryptor. As usual, experts advise not to proceed with the payment but instead focus on Seon ransomware ver 0.2 removal and alternative file recovery methods.
| Name | Seon ver 0.2 |
| Type | Ransomware |
| Family | Seon |
| First spotted | End of March 2019 |
| Encryption algorithm | AES |
| File extension | .FIXT |
| Ransom note | YOUR_FILES_ARE_ENCRYPTED.TXT, SEON Ransomware ver. 0.2 |
| Contact emails | seonunlock@protonmail.com or seonunlock@naver.com |
| Ransom size | $1,500 in Bitcoin |
| Decryptable? | No |
| Termination | Download and install security tool that can recognize the threat |
| Recovery | Use FortectIntego to repair damaged Windows system files |
It is yet unknown what distribution methods Seon ransomware 0.2 uses, but some of the previous variants were spotted being distributed via GreenFlashSundown exploit kit. In other cases, victims might get infected when downloading software cracks, fake updates, opening malicious spam email attachments, failing to update their operating system on time, etc.
After Seon ransomware ver 0.2 virus is installed, it modifies Windows Registry,[1] establishes communication with a remote server, deletes Shadow Volume Copies and Windows startup repair function, etc. After this, the malware performs data encryption process, after which users are unable to access personal files.
However, Seon ransomware 0.2 does not only encrypt your data and demands ransom for its return. It also works as a data stealer, as it reads all files that contain passwords to the applications installed on the Windows OS. For that reason, users should hurry up and delete Seon ransomware ver 0.2 ransomware from their devices as soon as possible.

For that, we recommend using security software that can recognize the threat under the following names:[2]
- Heuristic.HEUR/AGEN.1025965
- Ransom.Seon
- HEUR/AGEN.1025965
- Win32:Malware-gen
- Trojan-Ransom.Win32.Encoder.bxg
- A Variant Of Win32/Filecoder.NSV
- Etc.
Seon ransomware 0.2 then drops a ransom note YOUR_FILES_ARE_ENCRYPTED.TXT which states:
SEON RANSOMWARE ver 0.2
all your files has been encrypted
There is only way to get your files back: contact with us and pay $1500
We accept Bitcoin and other cryptocurrenciesDo not try to reinstall operation system on your computer
Do not try to decrypt files with third party tools, this can lead to data loss
You can decrypt 1 file for free
Our contact emails:
seonunlock@protonmail.com
seonunlock@naver.com
Experts recommend never trusting hackers behind Seon ransomware ver 0.2, as they can be bluffing. Previous cases have shown, that some of the ransomware viruses cannot even be decrypted by its authors, while others simply fail to deliver the decryptor after the payment.[3]
Therefore, you should do everything that hackers tell you not to do: remove Seon ransomware 0.2, restore your system with tools like FortectIntego and then use third-party recovery software in case you have no backups available.
Exploit kits are one of the most sophisticated ransomware delivery methods
Ransomware authors who deliver malicious payload via the exploits rely on software vulnerabilities. These are software flaws that can be exploited by hackers in order to infect the host with malware. All users have to do is being redirected to a malicious website, which can be achieved with such tools like adware or links might be hosted on hacked or third-party download sites.
Software vulnerabilities that have not been discovered yet and can be exploited are called Zero-days. Fortunately, the patches for such critical flaws are released swiftly. All users have to do is make sure to update their system – it will render their machines immune to the exploitation.
Unfortunately, as practice shows, there are thousands of machines that are not being updated for years. Additionally, some users are still using outdated systems like Windows XP, support for is not provided by Microsoft anymore. Therefore, make sure you are using the newest version of your operating system and get rid of Windows XP!
Vulnerabilities can also be exploited on third-party applications, such as Adobe Flash, Drupal,[4] WordPress, etc. Thus, update your system along with all the software installed on it, and you will eliminate the chance of being infected by a variety of computer viruses.
Additionally, you should enable Firewall, use useful anti-malware software, beware of spam emails, use ad-blocker, avoid software cracks, and generally be more careful when browsing the web.
Seon ransomware ver 0.2 can steal your passwords: remove it without thinking twice!
As we already mentioned, Seon 0.2 virus can read files that store passwords to all your installed applications, including Twitter, Outlook, Xbox Live, etc. For that reason, it is vital to remove Seon ransomware ver 0.2 as soon as possible, as hackers might use the stolen data for illegal purposes.
In case Seon ransomware 0.2 is tampering with your anti-malware software, you should access Sade Mode with networking – we explain how to do that below.
Thus, as soon as you complete Seon ransomware ver 0.2 removal using security software, you should immediately change your passwords on all your accounts and consider using a password managing program, as well as two-factor authentication.
It might not be possible to retrieve files locked by .FIXT extension just yet, as no official decryptor is yet available. Nevertheless, you can try using third-party software that might be able to retrieve at least some of your files.
Was this guide helpful?
Be the first to comment