SADStory Ransomware

Posted: March 28, 2017
Threat Metric
Threat Level: 10/10
Infected PCs 74

SADStory Ransomware Description


The SADStory Ransomware is an estimated update to the CryPy Ransomware, a Python-based Trojan that can block your files with data-encrypting attacks. Both Trojans share the ability to prevent you from using a comprehensive range of file formats in their attempt to force you into paying ransoms. PC owners without backups should consider implementing them, along with anti-malware protection that would delete the SADStory Ransomware during its disguised install attempts.

A Story that's as Old as the Internet

Similarities between Trojans can be coincidental, but when circumstantial evidence like the choice of coding language, C&C servers, and e-mail addresses all align, the two similar pieces of threat most likely have a relationship. Recently, malware researchers saw a new campaign deploying a file-encrypting Trojan through fake Microsoft downloads. The Trojan in question, the SADStory Ransomware bears all of those traits in common with the old CryPy Ransomware, making a case for the SADStory Ransomware being a direct update.

The campaign's current infection vectors hide inside of a fake Windows Store link that redirects the victim to a compromised website. Initially, the link appears to be leading to a download a PDF document that gives the reader help with acquiring Microsoft Office for free. This file is a disguised installer for the SADStory Ransomware.

The SADStory Ransomware, like its ancestor CryPy Ransomware, scans dozens of diverse formats, including backups, pictures, compressed archives, movies, tax information databases, documents and other content. Compared to most file-encrypting Trojan families, malware analysts note that the SADStory Ransomware includes more specialized formats, making it suitable for attacking business servers potentially. It encrypts every file fitting the list's prerequisites and gives them the '.sad' extension.

Like most file-encrypting Trojans of this month, the SADStory Ransomware delivers its extortion messages through a text note that it places on your Windows desktop. The SADStory Ransomware continues using the same, basic format of threats that its predecessor also profited from, including the same warning of deleting your files after a few hours.

Waving the Sadness Away from Your Files

The SADStory Ransomware's authors have done more than merely update the CryPy Ransomware's name and contact addresses; the SADStory Ransomware also makes use of previously underutilized features in the original program. This upgrade could allow con artists to exploit RDP settings and control the infected PC remotely. Malware analysts recommend that you disconnect an infected PC from the Internet as soon as possible, to prevent the above, and other, network-based security issues deriving from this threat.

Free decryptors sometimes can recover the data that Trojans like the SADStory Ransomware encode. However, freeware decryption software isn't always available and, likewise, con artists may not honor the agreements that they force their victims into making under duress. Having a recent backup to restore your files from is the easiest workaround to the SADStory Ransomware's payload, which may not be otherwise recoverable.

Even without its file-deleting bluffs, the SADStory Ransomware is a renewal of a very real danger to any PC with important files or an active Internet connection. Anyone without a backup will wan, particularly, to invest in anti-malware protection and delete the SADStory Ransomware preemptively, even if its download looks like something other than what it is.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to SADStory Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



file.exe File name: file.exe
Size: 6.29 MB (6293969 bytes)
MD5: 22b66d1928db181ac6e6d6af7ea6bd8f
Detection count: 15
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 28, 2017
Home Malware Programs Ransomware SADStory Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.