Saturn Ransomware

By GoldSparrow in Ransomware

The Saturn Ransomware is an encryption ransomware Trojan. Like other ransomware Trojans that follow the same attack pattern, it is designed to encrypt the victim's files and then demand the payment of a ransom in exchange for the decryption key. The Saturn Ransomware was first observed in February of 2018 and is being used to carry out attacks on computer users around the world. These attacks make precautions against the Saturn Ransomware and similar threats indispensable, such as keeping file backups and using a strong security program to protect your computer.

The Infection Process Used by the Saturn Ransomware

It is likely that the Saturn Ransomware is a variant of the BTCWare Ransomware that has been modified to carry out customized attacks. The Saturn Ransomware is delivered to victims in the form of malicious Microsoft Word documents attached to spam email messages. These email messages impersonate legitimate senders, such as Amazon or PayPal, and the attached documents include malicious macro scripts that download and install the Saturn Ransomware onto the victim's computer when the Microsoft Word document is opened. Because of this, one of the best precautions against threats like the Saturn Ransomware is to be suspicious of any unsolicited email attachments and avoid opening these file types, especially with administrative privileges.

Once installed on the victim's computer, the Saturn Ransomware uses a robust encryption algorithm to encrypt the victim's files, searching for user-generated files and avoiding the Windows system files. The cybercrooks want to take the victim's files hostage, but they also want Windows to remain operational so that the victim can view the ransom note and pay the ransom amount. Some of the file types that the Saturn Ransomware will encrypt in its attack include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Saturn Ransomware adds the file extension '.saturn' to each affected file's name, making it simple to know which files have been compromised by the Saturn Ransomware attack.

How the Saturn Ransomware Demands Its Ransom Payment

The Saturn Ransomware drops a ransom note onto the victim's computer after the victim's files have been encrypted. The ransom note takes the form of two files dropped on the infected computer's desktop, an HTML file and a text file. These files are named '#DECRYPT_MY_FILES#.txt' and '#DECRYPT_MY_FILES#.html', and both contain a text message delivered by the people responsible for the Saturn Ransomware attack:

'SATURN
Your documents, photos, databases, and other important files have been encrypted!
To Decrypt your files follow these instructions:
1. Download and Install Tor Browser from h[tt]ps://www.torproject[.]org
2. Run the browser
3. In the Tor Browser, open website:
h[tt]p://su34pwhpcafeiztt[.]onion
4. Follow the instructions at this website'

The people responsible for the Saturn Ransomware attack tend to demand a ransom averaging 300 USD to be paid using Bitcoin. However, following the Saturn Ransomware's instructions, paying the demanded ransom, or contacting the people responsible for the attack should be avoided. Instead, the Saturn Ransomware itself should be removed with the help of a reliable security program that is fully up-to-date. The files compromised by the Saturn Ransomware can then be restored from backup copies.
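The '.saturn' extension and the two ransom note names described above are enough to scope an incident and build a restore list before recovering from backups. The following Python sketch is an added example, not code from the original article; it assumes the marker is appended to the full original file name, and the helper names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article text.
ENCRYPTED_SUFFIX = ".saturn"
NOTE_NAMES = {"#decrypt_my_files#.txt", "#decrypt_my_files#.html"}


def triage(root):
    """Walk root and return (restore_map, note_paths).

    restore_map maps each encrypted file to the name it most likely had
    before the attack (assumption: '.saturn' was appended to the full name).
    """
    restore, notes = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered in NOTE_NAMES:
                notes.append(path)
            elif lowered.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                restore[path] = path.with_name(name[: -len(ENCRYPTED_SUFFIX)])
    return restore, sorted(notes)


def summarize(root):
    """Return ([(directory, encrypted_count), ...] worst first, note_paths)."""
    restore, notes = triage(root)
    counts = {}
    for enc in restore:
        counts[enc.parent] = counts.get(enc.parent, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], str(kv[0]))), notes


def build_sample(root):
    """Create a constructed sample tree; no real malware artifacts involved."""
    for rel in ("Docs/report.docx.saturn", "Docs/budget.xlsx.saturn",
                "Docs/notes.txt", "Desktop/#DECRYPT_MY_FILES#.txt",
                "Desktop/#DECRYPT_MY_FILES#.html", "Pics/cat.jpg.saturn"):
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        per_dir, notes = summarize(tmp)
        for directory, n in per_dir:
            print(f"{n:4d} encrypted  {directory}")
        for note in notes:
            print(f"ransom note     {note}")
```

The restore map gives the original file names to pull from backup, and the per-directory counts show where encryption reached.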