Saramat Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: September 13, 2017
Last Seen: January 18, 2019
OS(es) Affected: Windows

The Saramat Ransomware is an encryption ransomware Trojan. Threats of this kind follow a common pattern: they encrypt the victim's files with a strong encryption algorithm, leaving them unusable. Threats like the Saramat Ransomware then demand that the victim pay a ransom in exchange for the decryption key needed to recover the affected files. Because this tactic is becoming increasingly common, computer users should take preemptive steps to protect their files and limit the potential damage from one of these attacks.

The Saramat Ransomware is Part of a Big Ransomware Family

The Saramat Ransomware uses AES encryption to make the victim's data inaccessible. The Saramat Ransomware demands its ransom in Bitcoins, which allows the con artists to receive payments anonymously. As soon as it finishes encrypting the computer user's files, the Saramat Ransomware demands a ransom payment to a specific Bitcoin wallet and also demands that the victim contact the con artists by email. The Saramat Ransomware runs as 'Saramat.exe' on the infected computer. The Saramat Ransomware is a variant of HiddenTear, an open source ransomware family that was first created in August of 2015 for educational purposes. Since the initial release of HiddenTear, con artists have adapted its code countless times to create threats. The Saramat Ransomware is just one of the countless variants of HiddenTear that have appeared since August 2015.

The Saramat Ransomware’s Infection and Encryption Process

Malware researchers first observed the Saramat Ransomware attacks in September 2017. The Saramat Ransomware will encrypt the victim's files using a strong encryption method and then deliver its ransom note in a text file named 'Decrypt.txt,' which appears on the infected computer's desktop and in various other locations on the infected computer. Files encrypted in a Saramat Ransomware attack are easy to recognize because the Saramat Ransomware adds the file extension '.saramat' to each affected file. The Saramat Ransomware's ransom note content is displayed below:

'Welcome To My Ransomware!
Attention! Attention! Attention!
Your Files has been encrypted By :
CoNFicker RANSOMWARE
for decrypt your files
Send 0.5 Bitcoin To
1sUCn6JYa7B96t4nZz1tX5muU2W5YxCmS
And Contact us By Email :
Conftcker-decryptor@mail.ru'

There are multiple ways in which a computer can become infected. The most common way in which the Saramat Ransomware may enter a computer is through spam email attachments, which is the propagation method favored by these threats. When the victim opens a file attachment in a spam email message or clicks on an embedded link, threats like the Saramat Ransomware can be installed on the victim's PC easily. The Saramat Ransomware targets the following file extensions in its attack (among others), encrypting all corresponding files:

.7z, .7Z, .amv, .asp, .aspx, .avi, .bat, .bmp, .c, .csv, .dll, .doc, .docx, .exe, .Exe, .fla, .flv, .gif, .GIF, .gz, .html, .icns, .ico, .iso, .jar, .jpg, .JPG, .mdb, .midi, .mov, .mp3, .mp4, .mpg, .mpv, .mtv, .odt, .ogg, .pbm, .pdf, .php, .png, .ppt, .pptx, .psd, .rar, .RAR, .rtf, .rv, .rvx, .sln, .sql, .tar, .txt, .TXT, .ved, .wm, .wma, .wmv, .xls, .xlsx, .xml, .xwmv, .zip.

As the file types in the list above show, a Saramat Ransomware attack can result in the loss of crucial data and applications on an affected computer. For computer users that do not keep regular backups of their data, this can be devastating.
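The two indicators described above, the '.saramat' extension and the 'Decrypt.txt' note, are enough to triage a disk and list what has to be restored from backup. The following is an added example, not part of the original write-up: the function names and the sample files are constructed, and it assumes the extension is appended to the original file name.

```python
import os
import tempfile

# Indicators taken from the description above.
ENCRYPTED_SUFFIX = ".saramat"   # appended to each encrypted file
NOTE_NAME = "decrypt.txt"       # ransom note name, compared case-insensitively
NOTE_MARKERS = ("your files has been encrypted", "conficker ransomware")

def scan_tree(root):
    """Walk root; return encrypted files, confirmed notes and look-alike notes."""
    report = {"encrypted": [], "notes": [], "unconfirmed_notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                report["encrypted"].append(path)
            elif lower == NOTE_NAME:
                # The file name alone is weak evidence, so confirm by content.
                try:
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read(4096).lower()
                except OSError:
                    text = ""
                hit = any(marker in text for marker in NOTE_MARKERS)
                report["notes" if hit else "unconfirmed_notes"].append(path)
    return report

def restore_list(report, root):
    """Original relative paths to pull from backup (assumes the suffix was appended)."""
    originals = (p[: -len(ENCRYPTED_SUFFIX)] for p in report["encrypted"])
    return sorted(os.path.relpath(p, root) for p in originals)

def build_sample_tree(root):
    """Constructed sample data: two 'encrypted' files, one note, one look-alike."""
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("docs/report.docx.saramat", "docs/photo.JPG.SARAMAT", "docs/ok.txt"):
        open(os.path.join(root, rel), "wb").close()
    with open(os.path.join(root, "Decrypt.txt"), "w") as fh:
        fh.write("Your Files has been encrypted By :\nCoNFicker RANSOMWARE\n")
    with open(os.path.join(root, "docs", "decrypt.txt"), "w") as fh:
        fh.write("how to decrypt my own zip archive\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_tree(tmp)
        print(restore_list(result, tmp), result["notes"], result["unconfirmed_notes"])
```

Files named 'Decrypt.txt' that do not contain the note text are reported separately so that unrelated documents are not counted as evidence of infection.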

Protecting Your Data from the Saramat Ransomware

The best protection against the Saramat Ransomware and similar threats is to have file backups. Keep these file backups unsynchronized with the main computer so that the backups themselves do not become corrupted. If computer users have file backups that are updated regularly, then they can simply restore the affected files and do not need to consider paying the people responsible for the Saramat Ransomware. File backups, combined with a strong security program, are the best protection against the Saramat Ransomware.