Sage Ransomware

The Sage Ransomware is a typical ransomware Trojan that is used to encrypt the victims' files and then demand ransom in exchange for the decryption key. PC security analysts suspect that the Sage Ransomware is related to the TeslaCrypt family of ransomware after studying the Sage Ransomware's code. If the Sage Ransomware has been installed on your computer, PC security researchers advise computer users to avoid paying the ransom, since this seldom results in the recovery of the affected files.

Sage PC Users will be Protected Against the Sage Ransomware

The Sage Ransomware encrypts the victim's data by using a strong encryption algorithm. After encrypting the victim's files, the Sage Ransomware shows a ransom note to the victim in the form of a pop-up message. The text of the Sage Ransomware's ransom note reads as follows:

'ATTENTION!
the Sage encrypted all your files!
—————————–
All your files, images, videos, and databases were encrypted and made inacessible by software known as the Sage.
You have no chance to restore the files without our help.
But if you follow our instructions files can be restored easily.
Instructions on how to get your files back are stored on every disk,
in your documents and on your desktop.
Look for files !Recovery_2g0zr9.txt and !Recovery_2g0zr9.html
If you can't find this files, use the program 'Tor Browser'(you can find it in Google)
to access the (onion)Web site http://qbxeaekvg7o3lxnn.onion to get your instructions'

The Sage Ransomware asks for $560 USD in BitCoin, doubling the amount if the ransom has not been paid within a week. Paying the Sage Ransomware ransom may not result in access to the decryption key.

The Phases of a Sage Ransomware Infection

The Sage Ransomware attack is basic, but effective. the Sage Ransomware has some basic methods to avoid detection by security software, and uses the AES 256 and RSA 1024 encryption to make the victim's files inaccessible. During its attack, the Sage Ransomware scans the victim's computer in search for certain file types to encrypt. The Sage Ransomware will encrypt the following file types:

.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, ,DOC, .EPUB, .DOCX .FB2, .FLV, .GIF, .GZ, .ISO .IBOOKS,.JPEG, .JPG, .KEY, .MDB .MD2, .MDF, .MHT, .MOBI .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD,.WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.

The Sage Ransomware also will encrypt a variety of rare file types associated with programs such as Adobe Photoshop or other specialized applications. The Sage Ransomware delivers its ransom note as a text file and an HTML file, both dropped on the victim's Desktop. The Sage Ransomware will also change the victim's Desktop image into its ransom note.

Recovering from a Sage Ransomware Attack

The best defense against threats like the Sage Ransomware is to have backups of all important files. This allows a quick recovery by restoring the affected files from the backup. Recovering from a Sage Ransomware can be a significant expense, especially for individual computer users rather than small businesses or medium-sized businesses, which are also targeted in these attacks. Paying the Sage Ransomware ransom allows these people to continue creating these attacks. Instead, PC security researchers strongly advise computer users to have strong backup methods. Having backups of files makes attacks like the Sage Ransomware completely ineffective. In fact, if having backups of all files becomes a standard practice eventually, it is likely that attacks that follow the Sage Ransomware's methods will become completely obsolete since the con artists no longer have any leverage to demand payment of a ransom.

SpyHunter Detects & Remove Sage Ransomware