Sadly Ransomware

Posted: August 31, 2017
Threat Metric
Threat Level: 10/10
Infected PCs: 82

Sadly Ransomware Description

The Sadly Ransomware is an update of the RanRans Ransomware from the Hidden Tear family. Current builds of this threat include bugs that prevent its payload from working as intended. However, future revisions could enable the Sadly Ransomware to block files on your PC permanently by encrypting them. Backing up your media can eliminate the potential bargaining leverage this Trojan could use for extorting money from you, and a variety of anti-malware products can uninstall the Sadly Ransomware or block its installation routine safely.

The RanRans Ransomware Ran Away from Good Coding Practices

Spring of 2017 became a time of rebirth for one variant of Hidden Tear, which began campaigns for encrypting data and extorting money afterward through Trojans like the BlackRose Ransomware and the RanRans Ransomware. Although malware experts see limited evidence of updates between then and now, that appears to be changing with the Sadly Ransomware, a new spin-off of these Trojans. Since its code is buggier than that of previous threats of the same sub-family, its appearance may be the work of a third-party threat actor instead of the original developer.

Sadly Ransomware infections may attack popular types of media, such as Word documents or Bitmap pictures, by trying to encrypt them with the Rijndael (AES) algorithm. Areas at risk include the contents of the user's Documents or Downloads folders, along with desktop shortcuts. However, thanks to an invalid argument reference in the code, all samples of the Sadly Ransomware available to malware experts so far crash during their attempted encryption routine.

This Trojan also has a ransom-delivering component that's meant to solicit payments in exchange for the decryption service that the victim may or may not need for unlocking the above files. The threat actor demands an unspecified amount of money within sixty hours and claims that the decryption key will be deleted automatically after that deadline. These attacks usually specify currencies with limited refund policies for the buyer, and victims should consider all alternate means of data restoration before paying for a code that the threat actor might not provide.

Keeping Sadness out of Your Files

Even though the Sadly Ransomware is an imperfect, glitched product with a payload that doesn't fully encrypt your PC's media, file-encrypting Trojans often receive updates that improve their attack features. At best, the Sadly Ransomware may crash before it can block any content of value on the PC. For users not interested in taking that risk, malware experts find backups to be the most stable and efficient solution for protecting documents, pictures, and other often-attacked data formats from file-encrypting threats.

The Sadly Ransomware is far from finished and has yet to provide any clear signals of its future distribution patterns. Con artists may attach installation exploits for this threat to spammed email messages, install the Trojan after brute-forcing access to a system, or bundle it in widely-distributed downloads through torrents. On the other hand, the Hidden Tear family has very little protection from detection by most security software, and any qualified anti-malware program should delete the Sadly Ransomware without needing any additional assistance.

The Sadly Ransomware's lapse in good programming practices is more concerning for its threat actor's profit margins than it is a sign of safety for anyone whom it might attack. A bug-riddled Trojan isn't necessarily a toothless one, and even bad encryption is a legitimate way of blocking a file indefinitely.
