SADStory Ransomware Description
The SADStory Ransomware is believed to be an update to the CryPy Ransomware, a Python-based Trojan that can block your files with data-encrypting attacks. Both Trojans share the ability to prevent you from using a comprehensive range of file formats in their attempt to force you into paying ransoms. PC owners without backups should consider implementing them, along with anti-malware protection that would delete the SADStory Ransomware during its disguised install attempts.
A Story that's as Old as the Internet
Similarities between Trojans can be coincidental, but when circumstantial evidence such as the choice of coding language, C&C servers, and e-mail addresses all align, the two threats most likely have a relationship. Recently, malware researchers saw a new campaign deploying a file-encrypting Trojan through fake Microsoft downloads. The Trojan in question, the SADStory Ransomware, shares all of those traits with the old CryPy Ransomware, making a case for the SADStory Ransomware being a direct update.
The campaign's current infection vector hides inside a fake Windows Store link that redirects the victim to a compromised website. Initially, the link appears to lead to a download of a PDF document that gives the reader help with acquiring Microsoft Office for free. This file is a disguised installer for the SADStory Ransomware.
The SADStory Ransomware, like its ancestor CryPy Ransomware, scans for dozens of diverse file formats, including backups, pictures, compressed archives, movies, tax information databases, documents and other content. Compared to most file-encrypting Trojan families, malware analysts note that the SADStory Ransomware includes more specialized formats, making it potentially suitable for attacking business servers. It encrypts every file that matches the list and gives it the '.sad' extension.
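An added triage example (not from the original page or from the Trojan's code): it inventories files carrying the '.sad' extension described above, so a responder can see which directories and original file types were hit and when the first and last marked files were modified. It assumes the extension is appended to the original file name; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".sad"  # extension the page says SADStory gives encrypted files

def inventory_encrypted(root, marker=MARKER):
    """Walk root and summarise files carrying the marker extension."""
    hits, by_type, by_dir = [], Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() != marker:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            # Assumption: marker is appended, so the stem keeps the original type
            orig = os.path.splitext(stem)[1].lower() or "(unknown)"
            by_type[orig] += 1
            by_dir[dirpath] += 1
            hits.append((mtime, path))
    hits.sort()  # oldest modification first
    return {
        "count": len(hits),
        "by_original_type": dict(by_type),
        "by_directory": dict(by_dir),
        "first_seen": hits[0] if hits else None,
        "last_seen": hits[-1] if hits else None,
    }

def build_sample_tree(root):
    """Constructed sample data: empty files standing in for an affected share."""
    names = ["docs/report.docx.sad", "docs/taxes.qbw.SAD", "docs/notes.txt",
             "pics/cat.jpg.sad", "pics/sad", "backup/archive.sad"]
    for i, rel in enumerate(names):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
        os.utime(path, (1490000000 + i * 60, 1490000000 + i * 60))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = inventory_encrypted(build_sample_tree(tmp))
        first = datetime.fromtimestamp(report["first_seen"][0], timezone.utc)
        print(report["count"], "files;", report["by_original_type"])
        print("earliest modification (UTC):", first.isoformat())
```

Run it read-only against a mounted copy or image of the affected volume rather than the live system, so the timestamps it reports are not disturbed.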
Like most file-encrypting Trojans of this month, the SADStory Ransomware delivers its extortion messages through a text note that it places on your Windows desktop. The SADStory Ransomware continues using the same, basic format of threats that its predecessor also profited from, including the same warning of deleting your files after a few hours.
Waving the Sadness Away from Your Files
The SADStory Ransomware's authors have done more than merely update the CryPy Ransomware's name and contact addresses; the SADStory Ransomware also makes use of previously underutilized features in the original program. This upgrade could allow con artists to exploit RDP settings and control the infected PC remotely. Malware analysts recommend that you disconnect an infected PC from the Internet as soon as possible, to prevent the above, and other, network-based security issues deriving from this threat.
Free decryptors sometimes can recover the data that Trojans like the SADStory Ransomware encode. However, freeware decryption software isn't always available and, likewise, con artists may not honor the agreements that they force their victims into making under duress. Having a recent backup to restore your files from is the easiest workaround to the SADStory Ransomware's payload, which may not be otherwise recoverable.
Even without its file-deleting bluffs, the SADStory Ransomware is a renewal of a very real danger to any PC with important files or an active Internet connection. Anyone without a backup will want, particularly, to invest in anti-malware protection and delete the SADStory Ransomware preemptively, even if its download looks like something other than what it is.
File System Modifications
The following files were created in the system:
File name: file.exe
Size: 6.29 MB (6293969 bytes)
Detection count: 15
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 28, 2017