What is Sigma ransomware
Sigma ransomware is distributed via spam emails containing .docx or .rtf attachments with macros embedded. If a user has macros enabled, the script gets executed and downloads ransomware. Unlike most ransomware, Sigma doesn’t add new extensions to encrypted files and just creates ransom notes (ReatMe.txt and ReadMe.html) inside folders that contain encrypted files. At the time of writing no free decryptors exist, and the decryptor that ransomware developers offer in exchange for payment doesn’t work very well, according to users who have paid the ransom. Supposedly the decryptor crashes when encountering certain sorts of files, and some of the files stay encrypted as a result. In addition to decrypting files, there are some methods of file recovery that may or may not work in each particular case. You may follow this guide to remove Sigma and try to recover encrypted files.