Satyr Ransomware

Posted by Lisa Blanc on May 2, 2018

What is Satyr Ransomware?

Researchers have recently detected a ransomware infection Satyr Ransomware that was not in their database, but an in-depth analysis revealed that it is not entirely a new threat. It turned out that it is a new version of Spartacus Ransomware. It is as dangerous as the original infection, so, believe us, it would not be fun to encounter it. Our malware researchers say that it is one of those malicious applications that mercilessly encrypt files on those computers they manage to infiltrate. Ransomware-type infections act like this not without reason. Cyber criminals behind them program those ransomware infections to lock files so that they could obtain money from users easier. Satyr Ransomware is no exception. It will also demand money from you after encrypting your pictures, documents, music, videos, and other files it finds on your computer, but you should not send cyber criminals a cent because there are no guarantees that you will be given the decryption tool. To make sure that users cannot get their files back using alternative data recovery methods, Satyr Ransomware executes a command (cmd.exe", "/c vssadmin.exe delete shadows /all /quiet) that deletes Shadow Volume Copies of these affected files, but you can still recover all those files from a backup. You need to delete the ransomware infection first. It opens a window that cannot be moved, but we are sure you will successfully delete this infection manually if you read this report first and then use instructions prepared by specialists at anti-spyware-101.com.testtest

What does Satyr Ransomware do?

Once Satyr Ransomware infiltrates computers, it immediately scans %USERPROFILE%, %ALLUSERSPROFILE%, %HOMEDRIVE%, and its subfolders. Surprisingly, it does not touch %WINDIR%, %PROGRAMFILES%, and %PROGRAMFILES(x86)%. Then, it locks all files it finds inside them completely with a strong encryption algorithm. You do not need to check all files you have one by one to find out which ones were locked because those affected ones get the .Satyr extension appended. When files are encrypted, the ransomware infection drops READ ME.txt and opens a window with a ransom note. The .txt file contains only one sentence (All your data has been locked us. You want to return? Write Telegram: https://t.me/tony_montana10928 or @tony_montana10928  Your personal ID KEY: [ID]), whereas the message the opened window contains explain users how they can unlock their files. As expected, the ransomware infection demands money from users. They are told that the decryptor costs 0.018 BTC (~164 USD at today’s price). The decryption tool is not very expensive, but you should still not purchase it from cyber criminals because it is unclear whether you will get it from them. As mentioned, there is one way to restore encrypted files for free – use your backup.

Where does Satyr Ransomware come from?

Ransomware infections are sneaky threats, we have to admit, but the successful entrance of Satyr Ransomware clearly shows one thing too – your system is unprotected. According to our security experts, users contribute to the entrance of malware in, basically, all the cases, so it is very likely that you have made a mistake too. For example, if you have recently opened a suspicious email attachment or downloaded a keygen/crack from a P2P website, there is no need to analyze it further how Satyr Ransomware has entered your system. Also, security specialists say that it might be spread via hacked RDPs. Either way, the entrance of malware shows that the system is not protected enough. You do not need to know much about malware to be able to prevent it from entering your system. You just need to install a reliable security application on your computer. As long as it stays active and gets the latest updates, you will be fine.

How to remove Satyr Ransomware

Satyr Ransomware does not create an entry in the Run registry key, meaning that it cannot start working automatically on every system startup, but you might launch it yourself again one day and find even more files locked. Therefore, its removal should be your priority. To delete it manually, you, first, need to kill the process of the malicious file that was executed. This action will close the window opened on your Desktop. Then, you need to remove the malicious file itself. Finally, remove the .txt file dropped by the ransomware infection. Alternatively, Satyr Ransomware can be erased fully with an automated malware remover. Unfortunately, your files will stay encrypted in this case too.

Satyr Ransomware removal guide

  1. Press Ctrl+Shift+Esc to open Task Manager.
  2. Check all listed processes under Processes.
  3. Kill the malicious process (it should have the same name as the malicious executable launched).
  4. Delete the malicious file opened.
  5. Remove READ_ME.txt.
  6. Empty Trash. 100% FREE spyware scan and
    tested removal of Satyr Ransomware*

Stop these Satyr Ransomware Processes:

Spartacus Satyr Variant.exe
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *