Few days before the end of March 2017 cyber security team have scanned a new threat name SADStory Ransomware. This ransomware is written by Malware Group which call themselves “Mafia Malware Indonesia”. This malware group are responsible, for creating numbers of ransomware including this SADStory Ransomware. Other virus which is created by this Malware is mentioned below :
The group was first found on March 2016. Right after one year it’s new threat name SADStory Ransomware come in contact with cyber security experts. Talking about the distribution of this ransomware, the virus is easily distributed to different PC via a simple trick by spam mails. A mail claim about having Free License for MS Office 365 will be sent to the victims emails. The crypto malware uses simple trick like spam mails to make sets of victims hostage. Internet users may see advertisements for unsecured sites that offer a limited number of free licenses for Office 365 and click on the ad. Auctions initiate a connection to a PHP script hosted weakened online shop. Cybercriminals can lock the computer and ask for money, often encrypted files. After infection, the virus creates a file on the Windows desktop “SADStory_README_FOR_DECRYPT.txt” where a full detail about how to pay for unlock key to retrieve the files is given.
This “ SADStory_README_FOR_DECRYPT.txt” is all about the ransom note which will be saved on the desktop and every time get opened when user start their system or try to alter the encrypted files. The ransom note is give below :
! ! ! WARNING ! ! !
All your files are encrypted by SADStory with strong chiphers.
Decrypting of your files is only possible with the decryption program, which is on our secret server.
All encrypted files are moved to __SAD STORY FILES__ directory and renamed to unique random name.
Note that every 6 hours, a random file is permanently deleted. The faster you are, the less files you will lose.
Also, in 96 hours, the key will be permanently deleted and there will be no way of recovering your files.
To receive your decryption program contact one of the emails:
Just inform your identification ID and we will give you next instruction.
Your personal identification id: [RANDOMCHARACTERS]
On this ransom note of SADStory Ransomware there is two different contact address, which is quit similar to other ransomware create by the same Malware Group. It will always scare the victims by the showing the ransom note regularly on their system. A warning message like File will be Deleted on Every 6 Hours will make user more tense and worry about their data. On few more research the experts have found that this SADStory Ransomware is based on the CryPy Ransomware not fully based but some sorts of. Like the contact address is used same on both the ransomware.
Due to strong algorithm the decryption of the files will be hard well if you learn few trick then it will be very easy for getting your encrypted files back. This SADStory Ransomware is written in Python language, and can be very risky for the system which it infects. This ransomware will direct attack on the main files, according to the analysis this ransomware will encrypt more then 200 files. Which is why you must learn the trick to remove SADStory Ransomware from your system.
Remove SADStory Ransomware From Control Panel
- Click on start button
- Go to the Control Panel
- Select Add/Remove programs
- Locate SADStory Ransomware from installed program
- Uninstall them.
Remove SADStory Ransomware From Task Manager
- Press Ctrl + Shift + Esc keys to open Windows Task Manager
- Under Windows Task Manager
- Click on Processes Tab.
- Search for the suspicious process that running
- Click on End Process.
Get Rid Of Malicious Entries Of SADStory Ransomware From Windows Registry
- First of all you have to click on Windows + R key together, to open your Run Box.
- Now, you have to type “regedit” to open Windows registry and then search for entries related with
- Finally click on Disable option, to remove related entries.