Sadstory Ransomware

What is Sadstory Ransomware?

If a CMD window warning that “the password entered is longer than 14 characters” is launched for you, this might indicate the entrance of Sadstory Ransomware because, as it is already known, this computer infection opens such a window after it enters the computer successfully and finishes encrypting users’ personal files. Make sure you select N on this window because it might be no longer possible to reach your account otherwise. Ransomware infections always cause problems if they enter computers, so it does not surprise us at all that Sadstory Ransomware acts this way. Actually, launching this window is definitely not the worst thing this malicious application does. We consider the encryption of files it performs a much more evil activity. It does not do that to make you angry or annoyed. Ransomware-type infections encrypt users’ files so that they could then demand money from users. Make sure you do not transfer a cent to cyber criminals. Better go to uninstall Sadstory Ransomware fully from your computer instead.test

What does Sadstory Ransomware do?

Sadstory Ransomware encrypts files just like other ransomware infections do, but, unlike older threats, for instance, Zinocrypt Ransomware, Kirk Ransomware, and Hahaha Ransomware, it does not leave files in their original places. For example, those files which used to be in %PROGRAMFILES% are put into the folder __SAD STORY FILES__ created by the ransomware infection. All encrypted files are placed there, but it is not the only thing that is done with them. It can be seen with the naked eye that the original names and extensions of these encrypted files are gone too. The following example illustrates what we have in mind here: picture.jpg becomes z1h7NjfVxsxquUC4QWpQ4W7ScpQ54pyzexyf.sad. As a consequence, it is hardly possible to say which of the files kept on the computer have been encrypted. Once documents, pictures, videos, music, and other valuable users’ files are all locked, a ransom note SADStory_README_FOR_DECRYPT.txt is dropped on Desktop. It tells users that their files are placed in the __SAD STORY FILES__ folder because they have been encrypted by Sadstory Ransomware “with strong chiphers.” Despite language mistakes in this ransom note, it is clear that cyber criminals want money from users. They are told that they can decrypt their files only with the special decryption tool stored on a server owned by cyber criminals. Users are told to write an email to tuyuljahat@hotmail.com or lucifer.fool@yandex.com within 96 hours if they want to get it. Most probably, they will receive an email from the author of Sadstory Ransomware explaining how to make a payment. In order to encourage users to write an email as soon as possible, bad people make a promise to users to delete a random encrypted file every 6 hours. Do not worry; you can stop this by paying the required money or deleting Sadstory Ransomware fully. Researchers do not think that it is a very good idea to send bad people money, so they suggest getting rid of the malicious application instead.

It does not necessarily mean that users who decide not to pay money for the decryption key cannot recover their files. Specialists say that they can recover files from a backup without special software. Of course, this would only be possible if this backup has been created before the entrance of this malicious application, and it is located on a USB flash drive or another external device. If copies of your files do not exist, keep those encrypted files where they are because a free decryptor should be released sooner or later.

Where does Sadstory Ransomware come from?

We should probably come clean now and admit that we do not have much information about the distribution of Sadstory Ransomware because it is a new computer infection, but it is, of course, clear that users do not download it from its official website because it does not exist. Instead, they, most likely, contribute to the entrance of this infection by opening an attachment from a received spam email. Most probably, this email attachment comes by this or a similar name: ReadMe-how_to_get_free_office365-idGHDGFGf426142GE25.pdf.exe. Ignore all spam emails you get in the future no matter that they contain decent-looking attachments. It is advisable not to download free programs (e.g. software cracks) from suspicious third-party websites too. Finally, the installation of a reputable security application would be a smart step towards the maximum protection of the system too.

How do I remove Sadstory Ransomware?

Sadstory Ransomware does not lock Desktop, does not drop numbers of files on computers, and does not apply any serious modifications in the system registry like other file-encrypting threats do, so you should manage to erase it manually. What you need to do is to remove the malicious ReadMe file from %LOCALAPPDATA% and other suspicious files from your PC. There is no point in keeping SADStory_README_FOR_DECRYPT.txt on Desktop as well although it is not a dangerous file. Let our instructions help you, and do not forget, after the removal of Sadstory Ransomware, to perform a system scan with SpyHunter to check if this infection is disabled and can no longer cause harm for sure.

Delete Sadstory Ransomware manually

  1. Launch the Windows Explorer (tap Win+E).
  2. Enter %LOCALAPPDATA% in the bar at the top of the page and press Enter.
  3. Delete a file with such or a similar name: ReadMe.pdf.exe (a longer name ReadMe-how_to_get_free_office365-idGHDGFGf426142GE25.pdf.exe might also be used).
  4. Check %USERPROFILE%\Desktop, %USERPROFILE%\Downloads, or %TEMP%.
  5. Delete all suspicious .exe files from these directories.
  6. Remove SADStory_README_FOR_DECRYPT.txt from Desktop.
100% FREE spyware scan and
tested removal of Sadstory Ransomware*
Disclaimer
Disclaimer

Leave a Comment

Enter the numbers in the box to the right *