Saturn Ransomware

Posted by Lisa Blanc on February 28, 2018

What is Saturn Ransomware?

Saturn Ransomware is a ransomware-as-a-service infection that was customized to fit the needs of its distributors. The program will trick you into installing it on your system, and then it will encrypt most of your files. That will be done to terrorize you into paying a ransom fee that should “release” the encrypted data. However, computer security experts would tell you that paying the ransom would not solve your problems. The thing you should definitely do right now is remove Saturn Ransomware for good. Deleting this infection is not that complicated, but there is always a chance that you will have to give up on your files.testtesttest

Where does Saturn Ransomware come from?

This infection was first detected earlier in February. Its precise distribution network is not known, but our research specialists believe that Saturn Ransomware is distributed via spam emails. It means that the installer file for this ransomware comes in a spam email attachment, and users are the ones who download and open it. Here you might think how can they do such a thing? Who would willingly infect themselves with ransomware? Of course, no one would, but this happens because users are not aware of these threats.

Spam email campaigns that spread dangerous programs use all sorts of tricks to fool users into thinking they must download the said attachments. For instance, messages that distribute malware may look like invoices from online shops or like reports from financial institutions. Users may feel inclined to check these “documents,” and by opening them, they would launch the infection. For the most part, you can simply delete those messages with no questions asked, but if you think that this particular file is important, you can always scan it with a security tool before opening it.

Aside from spam email messages, Saturn Ransomware may also spread through unsafe Remote Desktop Protocol configuration. If that is the case, then the criminals behind this program may infect your system directly through a corrupted Remote Desktop connection. This basically proves that you have to invest a lot in your system’s security. Another thing you have to invest in is your backup plan. What we mean is that you should keep a backup of your files, most preferably in an external hard drive, and do not forget to update it from time to time.

What does Saturn Ransomware do?

When users launch this infection, it encrypts user’s personal files, changes the desktop background, and drops ransom notes in every single folder that was affected by the encryption. You will notice which files have been affected by the encryption immediately because the ransomware appends the .saturn extension to every single damaged file, although it does not change the original filename. Either way, you will see that the system can no longer read the files with the new extension.

Also, this program comes with two separate ransom notes that you can find under the following filenames: #DECRYPT_MY_FILES#.html and #DECRYPT_MY_FILES#.txt. The ransom notes in each file are somewhat different. One of them says the following:

SATURN RANSOMWARE

All of your files have been encrypted!
Your photos, videos, documents, etc.
To decrypt your files follow these steps:

  1. Download and Install Tor Browser from https://www.torproject.org

  2. Run it and open website: http://su34pwhpcafeiztt.onion

  3. Follow the instructions on the site.

Unfortunately, there is no public decryption tool available for this program at the moment, so it is not possible to decrypt your files for free. That is why the system backup is extremely important in such situations. The infection goes on to say (in yet another ransom note) that if you pay within seven days, the decryption price will be 300$, but if you do not pay within a week, the price will rise to $600.

It goes without saying that you should not pay anything. You have to focus on removing Saturn Ransomware from your system and then protecting your PC from similar intruders.

How do I remove Saturn Ransomware?

It is not that hard to delete this infection. You just need to remove the file that initiated everything, along with the files this program dropped in your folders. If you do not want to do it on your own, you can delete everything automatically using a powerful antispyware tool. Whichever method you choose, please make sure that you terminate Saturn Ransomware for good.

Manual Saturn Ransomware Removal

  1. Open your Downloads folder.
  2. Remove all the recently downloaded files.
  3. Delete these files from the folders affected by the infection:
    #DECRYPT_MY_FILES#.txt
    #DECRYPT_MY_FILES#.vbs
    #DECRYPT_MY_FILES#.html
    #KEY-24e6948c9389bb6e3666827c5e012e04.KEY
  4. Run a full system scan with SpyHunter. 100% FREE spyware scan and
    tested removal of Saturn Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *