Satan666 Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
| Infected Computers: | 7 |
| First Seen: | December 7, 2016 |
| Last Seen: | April 14, 2022 |
| OS(es) Affected: | Windows |
The Satan666 Ransomware is a ransomware Trojan. The Satan666 Ransomware identifies files it encrypts by using the '.locked' extension, which has been observed before in numerous other variants in the same ransomware family as the Satan666 Ransomware. Like other encryption ransomware Trojans, the Satan666 Ransomware is designed to take over the victim's computer, encrypting the victim's files to make them inaccessible. After the victim has been locked out of their files, the Satan666 Ransomware displays a ransom note demanding payment of a large ransom in exchange for the decryption utility. Ransomware Trojans like the Satan666 Ransomware use a highly effective attack that is especially devastating because the victim's files will remain encrypted and inaccessible even if the Satan666 Ransomware is removed with a reliable security program. Unfortunately, recovering the files encrypted by threats like the Satan666 Ransomware can be nearly impossible in most cases.
Table of Contents
The Satan666 Ransomware Belongs to the Hidden Tear Family of Ransomware
The Satan666 Ransomware belongs to a large family of ransomware Trojans based on an open source ransomware engine known as Hidden Tear. This ransomware engine was first released as an open source 'educational' ransomware and part of a proof of concept. Unfortunately, con artists took advantage of this freely available ransomware engine and have created numerous ransomware Trojans that use it as a basis for the attack. The Satan666 Ransomware uses the AES and RSA encryption algorithms to encrypt the victim's files. The Satan666 Ransomware targets a wide variety of files and tries to find files that could be difficult to replace, such as eBooks, media files, images, Office documents, databases, index files, and a variety of other file types. The Satan666 Ransomware searches for specific file extensions during its attack while avoiding system files. In this way, the Satan666 Ransomware is able to deliver its ransom note, since the victim's operating system remains functional, even if their files are no longer accessible.
Casting Out the Satan666 Ransomware
Just as there are numerous variants of the Hidden Tear ransomware Trojan, PC security researchers have also found numerous variants of the Satan666 Ransomware Trojan itself. Several email addresses have been associated with the Satan666 Ransomware and its variants, including the three listed below:
- devilguy666@protonmail.com
- devilguy@sigaint.org
- ea345@sigaint.org
One particular issue that has been associated with the Satan666 Ransomware attack is that it has been used to target hospitals and non-profit groups, making its name particularly appropriate. The Satan666 Ransomware's ransom note demands the payment of 1 BitCoin, which is approximate $800 USD at the current exchange rate. Unfortunately, without the decryption utility, computer users will not be able to decrypt the affected files.
Recovering from a Satan666 Ransomware Attack
Since it is nearly impossible to decrypt the files that have been made inaccessible by the Satan666 Ransomware, malware researchers advise that computer users take steps to prevent these attacks. Fortunately, there is a simple way to become invulnerable to the Satan666 Ransomware and other encryption ransomware Trojans completely: having an effective file backup method and making sure that it is up-to-date. Recovering from a Satan666 Ransomware attack can be impossible since the people responsible for the attack are just as likely to ignore the victim or ask for even more money. Having backups of all files allows computer users to recover quickly from an attack by restoring the affected files from the backup copies. This makes the Satan666 Ransomware attack completely ineffective since the con artists no longer have the leverage to demand payment from the victims. Fortunately, today it is very simple to establish an effective backup method that is low-cost or even free completely. External memory devices are plentiful and cheap, and many cloud services offer online storage for free. Having backups of all files today is just as important as having a reliable security program, especially as ransomware threats like the Satan666 Ransomware become increasingly popular.
