
Satan Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: January 19, 2017
Last Seen: July 23, 2019
OS(es) Affected: Windows

The Satan Ransomware is a RaaS, or Ransomware as a Service, that is being used to infect computer users. According to the Satan Ransomware's own creators, the following is an accurate description of what the Satan Ransomware does and the service they provide to other con artists:

'What is the Satan?
Apart from the mythological creature, the Satan is a ransomware, a malicious software that once opened in a Windows system, encrypts all the files, and demands a ransom for the decryption tools.
How to make money with the Satan?
First of all, you'll need to sign up. Once you've signed up, you'll have to log in to your account, create a new virus and download it. Once you've downloaded your newly created virus, you're ready to start infecting people.
Now, the most important part: the bitcoin paid by the victim will be credited to your account. We will keep a 30% fee of the income, so, if you specified a 1 BTC ransom, you will get 0.7 BTC and we will get 0.3 BTC. The fee will become lower depending on the number of infections and payments you have.'

Instead of Your Soul this Ransomware Wants Your Money

Anyone can register for an account and create a customized variant of the Satan Ransomware, which makes this threat particularly dangerous. It is up to each user to decide how to spread their newly created Satan Ransomware variant. Common methods include using botnets to send out massive amounts of infected spam email messages, as well as hacking certain Web pages so that they will infect the visitors' computers. Other methods that could be used to distribute the Satan Ransomware include disguising the Satan Ransomware as a popular file download on file sharing networks and using corrupted advertisements to trick computer users into downloading this threat.

How the Satan Ransomware Attack Works

Once a con artist has created a customized version of the Satan Ransomware, they can make certain changes, such as changing the ransom amount and configuring the Satan Ransomware so that the ransom amount will increase over a certain number of days. However, it does not seem that the creators of the Satan Ransomware give their clients many customization options, at least when compared to other known RaaS services.

One of the most threatening aspects of the Satan Ransomware, however, is that it includes a page on Droppers, which provides resources to assist clients in creating corrupted installers and files that abuse macros in Microsoft Word, which can then be distributed using a variety of methods. This help with distribution has not been observed before with other RaaS providers, making it possible that the Satan Ransomware may attract more active users and result in a higher number of infections. Apart from the page on Droppers, the Satan Ransomware also includes a Translate page that allows con artists to create ransom notes for their Satan Ransomware variant in numerous different languages.

A Brief Analysis of the Satan Ransomware Infection Itself

The Satan Ransomware Trojan itself is a fairly typical ransomware threat that runs in the infected computer's memory, injecting itself into other running processes. During its attack, the Satan Ransomware will encrypt the following file types:

.incpas, .mp4, .pab, .st6, .sas7bdat, .wmv, .backup, .drf, .ibank, .3ds, .odg, .cer, .tif, .cs, .dotx, .7z, .png, .bak, .ibz, .db3, .pbl, .3fr, .dxf, .nk2, .bkp, .mdf, .svg, .xlm, .3dm, .pct, .java, .pot, .sxi, .ibd, .sxw, .pspimage, .ppt, .kbx, .ppsm, .ndd, .txt, .pdb, .say, .backupdb, .fla, .swf, .asx, .accdt, .mp3, .ycbcra, .erf, .cr2, .pfx, .potx, .qby, .sqlite, .blend, .class, .pat, .odp, .gray, .qbw, .tib, .thm, .htm, .mos, .rm, .key, .std, .tlg, .lua, .pst, .sqlitedb, .grey, .cdr4, .dc2, .ce1, .ps, .tex, .eml, .xlam, .pages, .st8, .jar, .st7, .potm, .sdf, .db-journal, .pcd, .aspx, .rwl, .kpdx, .fmb, .xlr, .gry, .kc2, .oil, .moneywell, .xlk, .sti, .accdr, .oth, .c, .xml, .nd, .mdb, .pem, .erbsql, .bpw, .ffd, .ost, .pptm, .dwg, .zip, .qbm, .cdx, .des, .dng, .pdd, .cfp, .nyf, .cgm, .sldm, .xla, .odf, .raf, .crw, .mef, .raw, .x11, .nsd, .fff, .design, .dcs, .ptx, .al, .ns2, .bik, .back, .accdb, .nwb, .cpi, .ads, .odt, .sqlite3, .docm, .drw, .pl, .nx2, .fpx, .rdb, .otp, .msg, .accde, .agdl, .php, .csv, .py, .rtf, .ach, .sda, .ddd, .asf, .dotm, .cmt, .h, .hbk, .xlsx, .s3db, .tga, .wav, .iif, .dxb, .sql, .db, .sd0, .bgt, .djvu, .jpg, .doc, .craw, .mpg, .sxd, .kdc, .jpeg, .psafe3, .flac, .dtd, .act, .qba, .vob, .cdrw, .eps, .bkf, .mdc, .rar, .mov, .cdf, .m4v, .ab4, .bank, .pps, .cib, .dot, .dgc, .exf, .flv, .xlsb, .ddrw, .adb, .srw, .plc, .csh, .xls, .fxg, .otg, .pas, .xlt, .indd, .rwz, .xltx, .apj, .stw, .xltm, .orf, .ott, .qbb, .max, .cls, .obj, .docx, .dcr, .cdr3, .qbx, .pdf, .nef, .ots, .srt, .ddoc, .rat, .phtml, .m, .dbx, .nxl, .avi, .p12, .awg, .dbf, .ns3, .mmw, .prf, .wallet, .rw2, .jin, .odc, .qbr, .ppsx, .ns4, .wpd, .wps, .nsh, .dxg, .fhd, .dac, .wb2, .nrw, .odb, .ait, .jpe, .odm, .sldx, .fdb, .acr, .war, .oab, .sxc, .cpp, .r3d, .hpp, .asm, .st5, .stx, .xis, .dds, .xlsm, .p7c, .cdr5, .3g2, .mrw, .sr2, .html, .cdr, .idx, .st4, .bdb, .kdbx, .nsg, .der, .ods, .myd, .nop, .ppam, .pptx, .yuv, .xlw, .mfw, .nsf, .csl, .php5, .p7b, .crt, .asp, .srf, .jsp, .cdr6, 
.sxm, .iiq, .3gp, .ce2, .arw, .bay, .ai, .sxg, .psd, .3pr, .fh, .pef, .x3f, .sik, .bpp, .vmdk, .spi, .bup, .cvt, .bb, .fkc, .tjl, .dbk, .swp, .fb, .vib, .dtb, .bke, .old, .bkc, .jou, .rpb, .abk, .sav, .bkn, .tbk, .fbw, .vrb, .spf, .bk, .sbk, .umb, .ac, .vbk, .wbk, .mbk.

The encrypted files will have their names scrambled and will be identified with the extension '.stn'. The Satan Ransomware delivers its ransom note in the form of an HTML file named 'HELP_DECRYPT_FILES.html,' which is dropped in each directory where the files were encrypted.
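The two on-disk indicators described above ('.stn' files and a 'HELP_DECRYPT_FILES.html' note in each affected directory) lend themselves to a quick triage sweep that scopes which directories need restoring. The following is an added example, not code from this page or from any vendor; the function names `scan_tree`, `classify` and `build_sample` and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators stated on this page; compared case-insensitively (Windows file names).
NOTE_NAME = "help_decrypt_files.html"
ENC_EXT = ".stn"

def scan_tree(root):
    """Map each affected directory to the indicators found directly inside it."""
    findings = {}
    # os.walk skips unreadable directories by default, so a sweep never aborts midway.
    for dirpath, _dirs, files in os.walk(root):
        note = any(f.lower() == NOTE_NAME for f in files)
        enc = sorted(f for f in files if f.lower().endswith(ENC_EXT))
        if note or enc:
            findings[dirpath] = {"note": note, "encrypted": enc}
    return findings

def classify(entry):
    """Triage label (hypothetical scheme): both indicators together are the strongest signal."""
    if entry["note"] and entry["encrypted"]:
        return "encrypted"
    if entry["encrypted"]:
        return "stn-without-note"   # needs manual review
    return "note-only"              # needs manual review

def build_sample(root):
    """Create a constructed sample tree (harmless placeholder files) for the demo."""
    docs = Path(root, "Users", "alice", "Documents")
    pics = Path(root, "Users", "alice", "Pictures")
    clean = Path(root, "Program Files")
    for d in (docs, pics, clean):
        d.mkdir(parents=True)
    (docs / "a8f3k2.stn").write_bytes(b"placeholder")
    (docs / "HELP_DECRYPT_FILES.html").write_text("<html></html>")
    (pics / "Zq91.STN").write_bytes(b"placeholder")   # upper-case extension still matches
    (clean / "readme.txt").write_text("untouched")
    return docs, pics, clean

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for directory, entry in sorted(scan_tree(tmp).items()):
            print(classify(entry), len(entry["encrypted"]), directory)
```

Because the page states that encrypted file names are scrambled, the sweep reports directories rather than trying to map '.stn' files back to original names.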

File System Details

Satan Ransomware may create the following file(s):
# File Name MD5 Detections
1. file.exe 860b29dda2616be5e14abb7936dcc2a2 1
2. file.exe e877d12971849fcdceac4f98bcad4a56 1
3. file.exe 24ba6c990e9bfad87e7ecc61f8462f92 0
4. file.exe ba6a6c2f68edf77e55d6a529c0eaa99e 0
