
Satyr Ransomware

Posted: April 20, 2018

The Satyr Ransomware is a variant of the Spartacus Ransomware, a Trojan that uses asymmetric encryption to lock your files until you pay its ransom. Like its predecessor, the Satyr Ransomware also drops ransom notes and may prevent you from opening documents, pictures and other media. Have your anti-malware products remove the Satyr Ransomware on sight, if possible, and keep backups to limit the data loss it can cause.

A Roman Legend is Coming for Your Files

The Roman-themed Spartacus Ransomware is switching cultures to Greek in a new campaign that changes some of the money-collecting details but uses all of the same attacks. This variant, the Satyr Ransomware, is the only re-release of the Spartacus Ransomware available to malware experts, and it is not yet known whether it is a byproduct of Ransomware-as-a-Service marketing, which lets different con artists distribute revisions of the same Trojan relatively indiscriminately. Unfortunately, the update keeps the same means of encryption, meaning that the chances of unlocking any files for free are slim.

The Satyr Ransomware keeps almost all of the same code as the Spartacus Ransomware and locks the images, documents, and other data it attacks by encrypting each file with hard-coded AES and RSA (asymmetric) algorithms. The Satyr Ransomware also appends a '.Satyr' extension to each file it locks this way (for instance, turning 'kitten.gif' into 'kitten.gif.Satyr') and creates both an HTA and a TXT ransom message. The former is of most concern to malware experts, who note that the Satyr Ransomware's pop-up could serve the double purpose of blocking users from their desktops by refusing to resize or minimize.
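As an added example (not code from the page or from the Trojan's authors), the following detection logic scans a listing of file paths for the '.Satyr' rename pattern described above, recovers the original file names, and looks for an HTA/TXT pair dropped beside locked files. The sample paths and the ransom-note file names are constructed, since the page does not give the notes' names.

```python
import os
from collections import Counter
from typing import Optional

SATYR_EXT = ".Satyr"  # extension the page reports being appended to locked files


def original_name(path: str) -> Optional[str]:
    """Return the pre-encryption name for a '.Satyr'-suffixed path, else None."""
    if path.endswith(SATYR_EXT) and len(path) > len(SATYR_EXT):
        return path[: -len(SATYR_EXT)]
    return None


def scan_paths(paths, note_exts=(".hta", ".txt"), min_hits=3):
    """Look for Satyr-style activity in a listing of file paths.

    Returns the recovered original names, directories where '.Satyr' files
    cluster (at least min_hits), candidate ransom notes (HTA/TXT files that
    sit in a directory holding locked files), and an overall verdict.
    """
    locked = {}
    per_dir = Counter()
    for p in paths:
        orig = original_name(p)
        if orig is not None:
            locked[p] = orig
            per_dir[os.path.dirname(p)] += 1
    # Only HTA/TXT files next to locked files count as note candidates;
    # an ordinary .txt in an untouched directory is ignored.
    notes = [p for p in paths
             if os.path.splitext(p)[1].lower() in note_exts
             and per_dir.get(os.path.dirname(p), 0) > 0]
    hot_dirs = [d for d, n in per_dir.items() if n >= min_hits]
    return {
        "locked": locked,
        "notes": notes,
        "hot_dirs": hot_dirs,
        "suspicious": bool(hot_dirs) or (bool(locked) and bool(notes)),
    }


# Constructed sample listing (not real telemetry) of a hypothetical infected profile.
SAMPLE_PATHS = [
    "C:/Users/alice/Pictures/kitten.gif.Satyr",
    "C:/Users/alice/Pictures/beach.jpg.Satyr",
    "C:/Users/alice/Pictures/family.png.Satyr",
    "C:/Users/alice/Pictures/README_SATYR.hta",  # constructed note name
    "C:/Users/alice/Pictures/README_SATYR.txt",  # constructed note name
    "C:/Users/alice/Documents/report.docx.Satyr",
    "C:/Users/alice/Music/song.mp3",             # untouched file
    "C:/Users/alice/Music/todo.txt",             # ordinary .txt, no locked files nearby
]
```

Calling scan_paths(SAMPLE_PATHS) flags the Pictures directory and both note candidates while ignoring the unrelated todo.txt.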

The Satyr Ransomware asks for a ransom of one hundred and fifty dollars in Bitcoin for its decryption help and, unusually, specifies Telegram as the communication method of choice for any negotiations. Although this ransom is cheaper than those of most file-locking threats, such as the Jigsaw Ransomware, the Globe Ransomware, or other RaaS families, malware analysts still don't encourage paying it. Con artists often accept these cryptocurrency payments without giving the buyer a real decryptor.

Ending the Frolicking of Roman Monsters

The Satyr Ransomware's name refers to the goat-man hybrids of Greek folklore, but its ransoming components are all in English, and malware experts aren't connecting any distribution attempts to Greece specifically. Traditional infection methods for file-locker Trojans like the Satyr Ransomware include all of the following, as of this year:

  • Spam e-mails may disguise Trojan droppers for the Satyr Ransomware inside attachments, such as corrupted PDF or DOC files.
  • Con artists may hack into a network directly by using brute-force software to crack weak passwords.
  • The Nebula Exploit Kit and other browser-based threats can initiate drive-by downloads that install Trojans with little or no awareness on the user's part.
  • File-sharing networks may distribute threats like the Satyr Ransomware under different names, such as gaming cracks.

Since the Satyr Ransomware's cryptography routine is unbroken, like that of the Spartacus Ransomware before it, having backups is the simplest way of keeping your files recoverable in case of an infection. Various anti-malware programs also can either block this Trojan's install routine or delete the Satyr Ransomware after it installs itself.

It's surprising to see a new version of the Spartacus Ransomware so soon after the original's identification. Whether more, similarly extortionist activity will follow from the Satyr Ransomware and the rest of its growing family remains uncertain.
