Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Aug 2017

How to remove Sifreli ransomware virus

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Gabriel E. Hall · Passionate web researcher

Sifreli ransomware continues attacking Turkish computer users

Screenshot of the ransom note by Sifreli

Sifreli is a Turkish[1] ransomware virus that appends .sifreli extension to each of the targeted files. For the first time, malware was seen in 2014. However, after three years the virus has been updated.

After the infiltration and data encryption, Sifreli virus drops a ransom note where author informs about the unpleasant situation and give instructions what victims need to do. According to the message, the developer is a system engineer who looks up for system security vulnerabilities and exploits them in order to launch the attack.

The ransom note informs about encrypted files and stolen personal information. In order to get back the files and protect personal information from being published on the Internet, people have to pay the ransom. However, in order to learn the price for their data, victims have to send an email to muhendis@mail.ua.

However, after ransomware attack, you should not worry about your files. The first thing you have to do is to remove Sifreli from the computer in order to avoid other possible damage. Malware might track some personal information and affect legitimate system processes. Thus, your identity and computer might be at great risk.

Therefore, after the attack, you should scan the device with professional security software immediately. The program, such as FortectIntego, will delete all malware-related components without causing any damage to the system. After the Sifreli removal, you will be able to recover at least some of the files from backups.

The image of Sifreli ransomware

Sifreli ransomware started its career in 2014

Three years ago, malware researchers found this crypto-malware attacking Turkish and British computer users. There were used two different phishing[2] email campaigns to spread the Sifreli:

  • Turkish users received a fake letter from local mobile phone operator Turkcell;
  • British users received a bogus email from Royal Mail that informed about not delivered parcel and asked to download a particular information.

When users were tricked by this scam, malware payload was dropped and executed on the system. Then the Sifreli ransomware started data encryption procedure using AES encryption algorithm. It aimed at image, audio, text, archives and other popular files and demanded to pay the ransom in 3 days.

British computer users were unable to open their files because of .encrypted files extension. Meanwhile, victims from Turkey found .sifreli extension appended to their data. Following the encryption, they found ransom notes called either PLEASE_READ.inf or LUTFEN_OKUYUN.inf where they learned that they need to send an email to it-specialist@mail.ua in order to obtain decryption software.

Crypto-malware's distribution relies on phishing emails

Just like the previous version of the malware, the new variant might be spreading via fake emails. Social engineering helps to convince users that they received an email from parcel delivery service, telecommunications company or even governmental institution. Malware executable is installed on the system when:

  • the user opens a malicious attachment;
  • the user enters a fake website and takes some required actions.

Therefore, you have to learn to identify phishing emails[3] to protect your device from ransomware attack. The most important task is to check sender’s email. If you have doubts that it’s suspicious, you should double-check contact details in the company’s official website.

Terminate Sifreli virus from the computer

Only professional security software can remove Sifreli safely from your device. If you do not know which program to choose, we suggesting FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes. The instructions below will show you how to disable the virus and uninstall it with the help of security software.

However, if you are thinking about manual elimination option, you should get rid of this idea immediately. Trying to locate and delete ransomware-related files from the PC might end up with serious damage to the system.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.