Satyr Ransomware is a malicious application designed to lock files on users’ computers, so you will find the majority of your files locked if it ever slithers onto your computer. Research has shown that this infection is a new version of Spartacus Ransomware, so it is not a surprise that it acts the way it does. This malicious application uses the AES encryption algorithm to lock files found on affected computers. In addition, it deletes Shadow Volume Copies of all files it encrypts. Because of this, there are not many ways to decrypt those files without the special decryptor cyber criminals claim to have. That does not mean you should purchase it from them. Paying is never a good idea because the chances are high that cyber criminals will take your money and give you nothing in exchange. By making a payment you will also encourage the author of Satyr Ransomware to develop even more threats in the future, so you should not even consider transferring money to them. If you do not purchase the decryptor, the only way to get your files back is to recover them from a backup. Needless to say, you must delete the ransomware infection from your system first.
Satyr Ransomware will scan %USERPROFILE%, %ALLUSERSPROFILE%, and %HOMEDRIVE% together with their subfolders, but it will only lock files with .doc, .docx, .geo, .xml, .backup, .tiff, .jpeg, .cd, .cdr, .dwg, .png, .txt, .php, .psd, .rar, .zip, .exe, .mp3, and other popular filename extensions. These are the files users value the most. All encrypted files get the .Satyr extension appended, so it will not be hard to tell which of your files have been locked. This ransomware infection not only locks personal data on affected computers, but also opens a window with a ransom note. Unfortunately, it is not so easy to close it. The only way to remove it from the screen is to kill the malicious process in Task Manager. You will also find a new file, READ ME.txt, on your Desktop. If you read the message left for you in the opened window, you will find out that the only way to unlock files is to pay 0.018 BTC for the special decryptor. It is not very expensive, but you should still not pay for it because it is unclear whether you will get it. As mentioned at the beginning of this report, Satyr Ransomware also deletes Shadow Volume Copies of the files it encrypts so that it is impossible to restore them without the special tool that crooks want you to purchase, which means that you can restore your files only if you have a backup. This backup cannot be located on the affected computer because the chances are high that it has become useless too after the entrance of the ransomware infection.
Do not download any cracks, keygens, and similar software from dubious P2P websites because you might end up with Satyr Ransomware on your computer. It might pretend to be useful software or files, but, as research has shown, it might also enter users’ computers via hacked RDP connections. Because of this, use only strong RDP credentials. Last but not least, researchers working at 411-spyware.com say that there is a huge possibility that it will also be distributed via spam emails. It is expected to be spread as an ordinary email attachment, so you should not go anywhere near the attachments spam emails contain. Of course, we cannot promise that you will protect your system against all harmful infections so easily. We have asked our specialists for a piece of advice that could help you prevent malware from entering the system, and they told us that all users must also have a security application installed and active on their computers 24/7.
You can erase Satyr Ransomware from your system either manually or automatically. If you decide to adopt the manual method, you will first need to close the ransomware window by killing the process of the malicious file downloaded recently. Then, you will have to remove two components that belong to Satyr Ransomware: 1) the ransom note READ ME.txt and 2) the malicious file downloaded and launched recently. If you want to get rid of malware quicker, you can use an antimalware scanner instead. Without a doubt, it is easier to clean the system automatically.
| # | File Name | File Size (Bytes) | File Hash |
|---|---|---|---|
| 1 | Spartacus Satyr Variant.exe | 18944 bytes | MD5: f31d6529ff4ad98053f9a8a9832f95e3 |

| # | Process Name | Process Filename | Main module size |
|---|---|---|---|
| 1 | Spartacus Satyr Variant.exe | Spartacus Satyr Variant.exe | 18944 bytes |
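
The indicators this report gives (the .Satyr extension, the READ ME.txt note, and the sample's 18944-byte size and MD5) can be checked with a short read-only triage script. This is an added example, not part of the original report; the function names `triage` and `md5_of` are hypothetical, and the MD5 comparison only identifies the exact sample listed here, not other builds.

```python
import hashlib
import os
import sys

# Indicators taken from this report; an MD5 match identifies only this exact sample.
ENCRYPTED_EXT = ".satyr"
RANSOM_NOTE = "read me.txt"
SAMPLE_SIZE = 18944
SAMPLE_MD5 = "f31d6529ff4ad98053f9a8a9832f95e3"


def md5_of(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, size=SAMPLE_SIZE, md5=SAMPLE_MD5):
    """Walk root (read-only) and list encrypted files, ransom notes and sample matches."""
    report = {"encrypted": [], "notes": [], "sample": [], "errors": []}
    on_err = lambda exc: report["errors"].append(str(exc))
    for dirpath, _dirs, files in os.walk(root, onerror=on_err):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            try:
                if lower.endswith(ENCRYPTED_EXT):
                    report["encrypted"].append(path)
                elif lower == RANSOM_NOTE:
                    report["notes"].append(path)
                # Size is a cheap pre-filter: only same-size files are hashed.
                elif os.path.getsize(path) == size and md5_of(path) == md5.lower():
                    report["sample"].append(path)
            except OSError as exc:  # locked or unreadable files are recorded, not fatal
                report["errors"].append(f"{path}: {exc}")
    return report


if __name__ == "__main__":
    result = triage(sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~"))
    for key, paths in result.items():
        print(f"{key}: {len(paths)}")
        for p in paths:
            print("  ", p)
```

The count of `encrypted` entries gives the scope of what must be restored from backup, and any `sample` hit is the file to remove after its process has been killed.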