Sadly Ransomware
Threat Scorecard
Ranking: 11,488
Threat Level: 100% (High)
Infected Computers: 140
First Seen: September 1, 2017
Last Seen: September 1, 2023
OS(es) Affected: Windows
The Sadly Ransomware is one of the many variants of HiddenTear, an open source ransomware platform that was released in August 2015 for educational purposes. Since its release, con artists have adapted HiddenTear to create countless ransomware Trojans, one of the most recent being the Sadly Ransomware. The Sadly Ransomware may enter victims' computers via corrupted spam email attachments. These attachments may take the form of Microsoft Word documents with enabled macro scripts that download and install the Sadly Ransomware on the victim's computer. Today, ransomware Trojans based on HiddenTear account for a very large percentage of ransomware attacks in the wild. The Sadly Ransomware is a very heavily modified version of the original HiddenTear code.
Sadly, the Sadly Ransomware Attack is Very Effective
PC security researchers observed the Sadly Ransomware on online anti-virus platforms. This is quite common; the con artists will often upload versions of their new threat creations to test their ability to bypass established anti-virus measures. The Sadly Ransomware is very similar to other HiddenTear variants released in the last few months. It is still unclear whether the Sadly Ransomware was created independently or if it belongs to a larger family of ransomware Trojans. Most of these attacks are very similar, only varying in the branding and language used in their ransom notes and the amount of money they demand from the victim in exchange for the decryption key that is crucial to recovering the files encrypted by the attack.
Explaining a Sadly Ransomware Infection
Like most ransomware Trojans, the purpose of the Sadly Ransomware is to take the victim's files hostage. To do this, the Sadly Ransomware uses a combination of AES and RSA encryption to make the victim's files inaccessible. Once it has done this, the Sadly Ransomware delivers a ransom note designed to scare the victim into paying a large ransom to recover the affected files. In its attack, the Sadly Ransomware tends to target user-generated files, which include file types such as music, video, photos, texts, eBooks, spreadsheets, configuration files, databases, and many others. The key is to make the victim's files inaccessible while still preserving the Windows operating system's ability to function, so that a ransom note can be delivered to the victim. The Sadly Ransomware uses the following ransom note in its attack, displayed in a program window on the affected PC:
'Your photo, documents, databases, video and other important files have been encrypted with unique key. Private decryption key is stored on a private Server and nobody can decrypt it, until you pay and obtain the private key. You only have 60 hours to submit the payment. If you don't send the money within provided time, all your files will be permanently crypted and no one will be able to recover them. Click "Decrypt" When you have your private key.'
Computer users should disregard the message in the Sadly Ransomware's ransom note. The people associated with these attacks may not keep their promise to provide the decryption key after compromising victims' files. They are just as likely to demand more money, ignore the victim, or target the victim for additional attacks. Even if they do deliver the decryption key, paying the Sadly Ransomware ransom allows them to continue creating these threats and claiming new victims by financing these attacks.
Protecting Your Computer from Threats Like the Sadly Ransomware
The best protection against the Sadly Ransomware and similar ransomware Trojan infections is to have file backups. File backups give computer users the opportunity to restore the affected files from the backup copy. This destroys the con artists' strategy since they lose any leverage they have to force computer users to pay a ransom.