SaveTheQueen Ransomware

What is SaveTheQueen Ransomware?

SaveTheQueen Ransomware is a recently created file-encrypting threat. It is possible that we encountered a test version, which means the malware could still be in development. Our researchers think so because the malicious application does not drop a ransom note. Showing a ransom note is typical behavior for ransomware, as such programs are mostly used to extort money from regular home users, businesses, or institutions. Below, we explain how the variant we encountered works, how it could be distributed, and how it could be erased if it enters a system. At the end of this text, we also provide deletion steps that show how to remove SaveTheQueen Ransomware manually, although we cannot guarantee the instructions will still work if hackers release a new version of the malware.

Where does SaveTheQueen Ransomware come from?

Our researchers at say that it is possible that SaveTheQueen Ransomware is not being spread yet. If it was, the malicious application could travel with malicious email attachments, questionable setup files, and suspicious pop-ups or other ads. Usually, we advise keeping away from any material that you are not one hundred percent sure about to avoid being tricked into launching malware. Generally, it is advisable to scan all files that are received from unknown senders or downloaded from doubtful sources with a legitimate antimalware tool. Such a tool should be able to tell if a file is malicious or not. Also, it could help you get rid of downloaded files that are classified as potentially dangerous.

How does SaveTheQueen Ransomware work?

The malicious application does not seem to need to drop any other files. It is enough to open its launcher, which could be any recently obtained file, and the malware should start running from the directory where its launcher was placed. SaveTheQueen Ransomware’s primary task seems to be encrypting users’ data with a strong encryption algorithm. However, the threat encrypts files only if they are located in the %USERPROFILE%, %APPDATA%, and %HOMEDRIVE% directories. Moreover, our researchers report that the malicious application can encrypt all file types except ones with the .dll, .iso, and .exe extensions.
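The scope described above can be turned into a triage check. The following is an added example, not part of the original article or the researchers' tooling: it decides whether a Windows path falls inside the reported scope and flags in-scope files whose bytes look uniformly random, which is what encrypted content looks like. The 7.5 bits-per-byte threshold, the 4096-byte minimum size, and all sample paths and data are assumptions constructed for illustration.

```python
import hashlib
import math
import ntpath
from collections import Counter

# Scope as reported on this page: three roots, every extension except these.
SKIPPED_EXTS = {".dll", ".iso", ".exe"}
SCOPE_VARS = ("USERPROFILE", "APPDATA", "HOMEDRIVE")

def in_reported_scope(path, env):
    """True if a Windows path falls inside the reported encryption scope."""
    p = ntpath.normcase(ntpath.normpath(path))
    if ntpath.splitext(p)[1] in SKIPPED_EXTS:
        return False
    for var in SCOPE_VARS:
        root = env.get(var)
        if root:
            # %HOMEDRIVE% is normally a bare drive such as "C:", so this
            # root alone covers the whole system drive.
            root = ntpath.normcase(ntpath.normpath(root)).rstrip("\\") + "\\"
            if p.startswith(root):
                return True
    return False

def shannon_entropy(data):
    """Bits per byte: about 8.0 for ciphertext, far lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(files, env, threshold=7.5, min_size=4096):
    """In-scope paths with near-random content. Compressed formats also
    score high, so hits are candidates to compare against backups."""
    return [path for path, data in files
            if in_reported_scope(path, env) and len(data) >= min_size
            and shannon_entropy(data) >= threshold]

# Constructed sample data (not taken from a real infection).
ENV = {"USERPROFILE": r"C:\Users\alice", "HOMEDRIVE": "C:",
       "APPDATA": r"C:\Users\alice\AppData\Roaming"}
RANDOM = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
TEXT = b"Quarterly report draft. " * 400
SAMPLES = [(r"C:\Users\alice\Documents\report.docx", RANDOM),
           (r"C:\Users\alice\Documents\notes.txt", TEXT),
           (r"C:\Users\alice\Downloads\setup.EXE", RANDOM),
           (r"D:\backup\report.docx", RANDOM)]

if __name__ == "__main__":
    print(triage(SAMPLES, ENV))
```

To use it on a live system, feed `triage` pairs of path and file bytes gathered from a directory walk and pass `os.environ` as `env`.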

In most cases, file-encrypting threats like SaveTheQueen Ransomware show a ransom note soon after encrypting a victim’s files. Such notes often contain a short explanation of what has happened to a user’s data and how to restore it. For instance, hackers may claim they can decrypt your files themselves or send you the decryption tools you need to decipher them yourself. Either way, cybercriminals may ask you to pay a ransom in return. The reason we always advise against paying it is that there are no guarantees that hackers will deliver what they promise. In other words, you could end up paying for something you might never receive. Nevertheless, the version we tested did not drop any notes. Thus, if your system gets infected with a variant that does not drop a ransom note, you might not need to consider whether getting a decryptor would be worth risking your money.

How to eliminate SaveTheQueen Ransomware?

Since the version we tested does not create any additional files, deleting SaveTheQueen Ransomware manually might not be that complicated. If you want to learn how to get rid of it manually, you should check the instructions available below. If the process seems difficult or you suspect you may have received a different variant, we highly recommend removing SaveTheQueen Ransomware with a legitimate antimalware tool. All you need to do is install a reliable security tool, perform a full system scan, and click the deletion button it ought to display after the scan.

Remove SaveTheQueen Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Pick Task Manager and select Processes.
  3. Locate a process belonging to the threat.
  4. Select it and click End Task.
  5. Exit Task Manager.
  6. Press Windows key+E.
  7. Locate these paths:
  8. Locate the malicious application’s launcher, right-click it, and select Delete.
  9. Exit File Explorer.
  10. Empty your Recycle Bin.
