1 of 5
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Saturn Ransomware

Saturn Ransomware is a dangerous and highly clandestine infection that can slither into your operating system without alarming you. The threat is most likely to conceal itself as a document and introduce itself to you via a misleading spam email. If the trick works, and you open the file, the infection is unleashed, and the encryption of files begins soon. When the malicious threat encrypts your personal files, you are unlikely to notice it either because the threat does not open any windows or show any alerts. If anti-malware software is not installed to protect your system against this malware and alarm you about the malicious activity, you will realize that you need to remove Saturn Ransomware only after it corrupts your files. Unfortunately, if you have found your files corrupted, you will not be able to recover them. Hopefully, you use backups, and you can retrieve files from an online cloud or an external drive because the malicious ransomware is not “decryptable.” All in all, even if you cannot save your files, you can delete the infection, and you will learn how to do it by reading this report.

According to our malware research team, Saturn Ransomware has only recently started spreading and corrupting vulnerable systems. It joins such recently discovered threats as SuddenTax Ransomware, Rarucrypt Ransomware, and DCRTR Ransomware. Although all of these infections encrypt files and demand ransoms, all of them are unique. For example, when Saturn Ransomware encrypts your personal files, it adds the “.saturn” extension to their names. This threat also has a unique list of files that it is meant to encrypt. The ransomware encrypts files with such extensions as .txt, .mp3, .wma, .jpg, and .rar. Our researchers have also found that this infection uses commands to delete Shadow Volume copies, to disable Windows startup repair, as well as to clear the Windows backup catalog. These commands are: “cmd.exe /C vssadmin.exe delete shadows /all /quiet & wmic.exe shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog –quiet.” Unfortunately, because of this, recovering files that are backed up on your system is impossible. After the encryption, the infection creates four unique files.

One of the files created by Saturn Ransomware is the .KEY file with a unique identification number. The victim is supposed to enter this number into an area represented at http://su34pwhpcafeiztt.onion. Users are introduced to this page via “#DECRYPT_MY_FILES#.html” and “#DECRYPT_MY_FILES#.txt” files. Both of these files represent a message that instructs to download the Tor Browser, visit the mentioned page, and then follow additional instructions. The message within the .onion page is available in Chinese, English, French, German, Italian, Japanese, Portuguese, Russian, and Spanish languages, and once the code is applied, the victim is provided with the ransom payment instructions. The initial fee is $300; however, the ransom is meant to double after 7 days. 13JEwGTEUbUcM7Nhvf24v5DngaTNo8cx98 is the Bitcoin Address to which the ransom must be paid in Bitcoins. Paying the ransom is not recommended because cyber criminals are unlikely to keep their promise to decrypt your files. The last file created by Saturn Ransomware is called “#DECRYPT_MY_FILES#.vbs,” and it is created on the Desktop. All of these files must be removed.

Where is the executable of Saturn Ransomware? If you are able to find it, you should be able to remove the malicious threat yourself. If identifying the launcher is impossible for you, employing anti-malware software is strongly recommended. While it is crucial that you delete Saturn Ransomware and all other malicious infections that might be active on your operating system, it is most important that this software can protect your operating system against malicious infections. If you do not enable full-time protection, you are likely to face other malicious threats, and not just ransomware. Needless to say, that is something you want to avoid at all cost, which is why you need to consider installing anti-malware software. If you choose not to, you will need to remove Saturn Ransomware manually. Hopefully, the instructions below will help you. If you have questions for our research team, add a comment below.

Saturn Ransomware Removal

  1. Find the {random name}.exe launcher of the ransomware.
  2. Right-click and Delete the file.
  3. Delete the #DECRYPT_MY_FILES#.vbs file on the Desktop.
  4. Delete the #DECRYPT_MY_FILES#.txt and #DECRYPT_MY_FILES#.html files (copies are likely to be placed in multiple copies all over your operating system).
  5. Delete the #KEY-[random characters].KEY file representing a unique code.
  6. Empty Recycle Bin.
  7. Install a trusted malware scanner to inspect your operating system. If leftover malware is found, remove it ASAP.
Download Spyware Removal Tool to Remove* Saturn Ransomware
  • Quick & tested solution for Saturn Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.