Save Ransomware Description
The Save Ransomware is a file-locking Trojan from the Dharma Ransomware family. These threats are known for blocking media-related content with secure encryption, creating ransom notes that sell their unlocking help, and removing local backup information. Users can save backups to other, more secure devices for their recovery needs, and always should delete the Save Ransomware with a professional anti-malware program.
A Savior of Criminal Finances
Out of the many file-locking Trojans of 2019, Ransomware-as-a-Service remains a quality in common with most, if not all samples. As freeware equivalents like Hidden Tear' CROWN Ransomware become scarcer, criminals turn to for-hire models like RaaS and the Dharma Ransomware family. The Save Ransomware is the latest evidence of that well-trod business strategy's ongoing fiscal viability – at least, for the family's maintainers.
Locking files with encryption is the signature characteristic of the Save Ransomware's family, which includes varying members from different renters, such as the recent Crash Ransomware and the Dqb Ransomware, or the older .frendi Ransomware and the 'firstname.lastname@example.org' Ransomware. The attack uses RSA-secured AES for stopping files from opening by converting them into encrypted data, and the Save Ransomware identifies them with additional 'save' extensions visually. It also inserts an e-mail address, which malware experts believe is the usual promotion of a ransom-negotiating account.
The payload also accounts for any local backups by using shell commands for deleting the Shadow Volume Copies. Such an attack places Windows Restore Points out of bounds for restoring any files. Consequently, it pushes victims into considering the threat actor's ransom-based service, with terms that he may or may not follow.
Saving What's Yours from Trojan Interference
All the early samples of the Save Ransomware are in various security databases and threat-analyzing environments, and malware experts can't confirm infections against the public. However, most versions of the Dharma Ransomware are fully-functional and require little more than updates to addresses and text strings, for becoming fit for another campaign. The latest encryption routine for the family, also, is sufficiently secure that there is no free decryptor that can reverse the media-related effects of an attack.
Most, if not all, anti-malware products by major companies are identifying and deleting the Save Ransomware correctly, and are ideal as disinfection solutions.
Despite its name, the Save Ransomware takes, rather than saving anything from the victimized PC's owner. Whether you lose data or money, the price is one you shouldn't pay, since it's avoidable so easily.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Save Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.