Sakura Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 2 |
| First Seen: | August 5, 2022 |
| OS(es) Affected: | Windows |
The Sakura Ransomware is a type of damaging threat that is created specifically to lock its victims out of accessing their own data. The threat can affect a wide range of different file types and each encrypted file will be left in an unusable state. Typically, the attackers are the only ones who possess the decryption keys necessary for the restoration of the data. However, the Sakura Ransomware appears to be still under development or in the testing period, further limiting the options available to its victims.
The threat's encryption routine is fully functional and all targeted files will have '.Sakura' attached to their original names. The Sakura Ransomware also will deliver a ransom note with instructions, dropped on the breached devices as a text file named 'read_it.txt.' In addition, the malware will substitute the current desktop background with a new one.
The instructions left by the Sakura Ransomware state that the cybercrminals will only accept ransom payments made using the Bitcoin cryptocurrency. They also allow users to send up to 3 locked files that will supposedly be decrypted for free. The problem is that the two email addresses that users should use as a way to contact the hackers are missing. Instead, the note contains two placeholder names - 'test@test.com' and 'test2@test.com.'
The full text of Sakura Ransomware's message is:
'Don't worry, you can return all your files!
All your files like documents, photos, databases and other important are encrypted
What guarantees do we give to you?
You can send 3 of your encrypted files and we decrypt it for free.
You must follow these steps To decrypt your files :
1) Write on our e-mail :test@test.com ( In case of no answer in 24 hours check your spam folder
or write us to this e-mail: test2@test.com)
2) Obtain Bitcoin (You have to pay for decryption in Bitcoins.
After payment we will send you the tool that will decrypt all your files.)'
SpyHunter Detects & Remove Sakura Ransomware
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | file.exe | 4ccec502f148cf7ab415f6680bb7affa | 2 |
