SADStory Ransomware
Posted: March 28, 2017
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for the Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 9 |
| First Seen: | March 28, 2017 |
| Last Seen: | April 11, 2022 |
| OS(es) Affected: | Windows |
The SADStory Ransomware is an apparent update to the CryPy Ransomware, a Python-based Trojan that can block your files with data-encrypting attacks. Both Trojans share the ability to prevent you from using a comprehensive range of file formats in their attempt to force you into paying ransoms. PC owners without backups should consider implementing them, along with anti-malware protection that would delete the SADStory Ransomware during its disguised install attempts.
A Story that's as Old as the Internet
Similarities between Trojans can be coincidental, but when circumstantial evidence like the choice of coding language, C&C servers, and e-mail addresses all align, the two similar threats most likely have a relationship. Recently, malware researchers saw a new campaign deploying a file-encrypting Trojan through fake Microsoft downloads. The Trojan in question, the SADStory Ransomware, bears all of those traits in common with the old CryPy Ransomware, making a case for the SADStory Ransomware being a direct update.
The campaign's current infection vectors hide inside a fake Windows Store link that redirects the victim to a compromised website. Initially, the link appears to lead to a download of a PDF document that gives the reader help with acquiring Microsoft Office for free. This file is a disguised installer for the SADStory Ransomware.
The SADStory Ransomware, like its ancestor CryPy Ransomware, scans dozens of diverse formats, including backups, pictures, compressed archives, movies, tax information databases, documents and other content. Compared to most file-encrypting Trojan families, malware analysts note that the SADStory Ransomware includes more specialized formats, potentially making it suitable for attacking business servers. It encrypts every file fitting the list's prerequisites and gives them the '.sad' extension.
Like most file-encrypting Trojans of this month, the SADStory Ransomware delivers its extortion messages through a text note that it places on your Windows desktop. The SADStory Ransomware continues using the same basic format of threats that its predecessor also profited from, including the same warning of deleting your files after a few hours.
Waving the Sadness Away from Your Files
The SADStory Ransomware's authors have done more than merely update the CryPy Ransomware's name and contact addresses; the SADStory Ransomware also makes use of previously underutilized features in the original program. This upgrade could allow con artists to exploit RDP settings and control the infected PC remotely. Malware analysts recommend that you disconnect an infected PC from the Internet as soon as possible, to prevent the above and other network-based security issues deriving from this threat.
Free decryptors sometimes can recover the data that Trojans like the SADStory Ransomware encode. However, freeware decryption software isn't always available and, likewise, con artists may not honor the agreements that they force their victims into making under duress. Having a recent backup to restore your files from is the easiest workaround to the SADStory Ransomware's payload, which may not be otherwise recoverable.
Even without its file-deleting bluffs, the SADStory Ransomware is a renewal of a very real danger to any PC with important files or an active Internet connection. Anyone without a backup will want, particularly, to invest in anti-malware protection and delete the SADStory Ransomware preemptively, even if its download looks like something other than what it is.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
File name: file.exe
Size: 6.29 MB (6293969 bytes)
MD5: 22b66d1928db181ac6e6d6af7ea6bd8f
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: April 11, 2022
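The two observable traces this write-up gives a defender are the '.sad' extension appended to encrypted files and the MD5 of the dropped file.exe listed above. The following script is an added example, not code from the page or from the SpyHunter product: it walks a directory tree, lists files carrying the '.sad' extension, and hashes executables against the listed MD5 so a responder can gauge the scope of an infection before restoring from backup. The choice to hash only files with executable-looking extensions, and the sample directory it builds for demonstration, are assumptions of the example, not details from the page.

```python
import hashlib
import tempfile
from pathlib import Path

# IoC taken from the page: MD5 of the dropped file.exe.
SADSTORY_MD5 = {"22b66d1928db181ac6e6d6af7ea6bd8f"}
# Extension the Trojan appends to encrypted files, per the write-up.
ENCRYPTED_EXT = ".sad"
# Assumption of this example: only hash executable-looking files to keep the walk cheap.
HASH_SUFFIXES = {".exe", ".dll", ".scr", ".py"}


def md5_of(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file through MD5 so large files do not need to fit in memory."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hunt(root, ioc_hashes=SADSTORY_MD5, ext=ENCRYPTED_EXT):
    """Return paths (relative to root) of encrypted files and of IoC hash matches."""
    root = Path(root)
    encrypted, hits = [], []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        if p.suffix.lower() == ext:
            encrypted.append(rel)
        if p.suffix.lower() in HASH_SUFFIXES and md5_of(p) in ioc_hashes:
            hits.append(rel)
    return {"encrypted": sorted(encrypted), "ioc_hits": sorted(hits)}


def build_sample_tree() -> Path:
    """Constructed sample data for the demo: two 'encrypted' files, one clean file,
    and a stand-in dropper whose hash deliberately does NOT match the page's IoC."""
    d = Path(tempfile.mkdtemp(prefix="sadstory_demo_"))
    (d / "Documents").mkdir()
    (d / "Pictures").mkdir()
    (d / "Downloads").mkdir()
    (d / "Documents" / "taxes.xlsx.sad").write_bytes(b"\x00constructed ciphertext")
    (d / "Pictures" / "holiday.jpg.sad").write_bytes(b"\x00constructed ciphertext")
    (d / "Documents" / "readme.txt").write_text("clean file, untouched")
    (d / "Downloads" / "file.exe").write_bytes(b"MZ constructed stand-in, not a real PE")
    return d


if __name__ == "__main__":
    sample = build_sample_tree()
    report = hunt(sample)
    print(f"encrypted files : {len(report['encrypted'])}")
    for f in report["encrypted"]:
        print("  ", f)
    print(f"IoC hash matches: {report['ioc_hits'] or 'none'}")
```

Run it against a real volume by calling `hunt("D:/")` or similar; a non-empty `encrypted` list alongside an `ioc_hits` entry is the pairing that confirms this family rather than a stray file with a coincidental extension. Because the page's hash identifies one specific sample, the `ioc_hits` check will miss repacked variants, so treat the extension count as the primary scope indicator and the hash as corroboration.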