Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Satyr Ransomware

Satyr Ransomware is a malicious program that employs the AES encryption algorithm to lock the victim’s data and make the victim pay a ransom. Our researchers say the malware should mark the files it encrypts with the .Satyr extension, for example, kittens.jpg.Satyr, introduction.docx.Satyr, and so on. Therefore, it is not difficult to identify this threat. Moreover, after it damages the user’s files, it should display a ransom note to explain to the victim how to pay for decryption. Needless to say, we would not recommend complying with any demands, as it is entirely possible the hackers behind Satyr Ransomware could trick you and not hold up their end of the deal. If you also think paying the ransom is too risky, we encourage you to follow the removal instructions added at the end of this text. They will show how to eliminate the malware manually. It will not bring your data back, but it will help you get a clean start.

Currently, there are three versions of how Satyr Ransomware could enter the system. The first one is through malicious email attachments that might be spread via spam emails. The second option is fake keygens or other similar tools downloaded from unreliable file-sharing web pages. In both of these cases, the victim’s computer should get infected after the user launches the infected files. In other words, you could infect the system yourself without even realizing it. The last distribution method is hacked RDP (Remote Desktop Protocol) connections. Thus, it is not enough to stay away from potentially dangerous content obtained through the Internet if the user wants to stay away from similar threats. In addition, users should make sure their system and other important programs are up to date. Not to mention, it is vital to use strong passwords, so if you think some of your passwords might be weak, we would recommend changing them.

Once the malicious application is executed, it should delete all shadow copies and start encrypting the user’s private files, for example, pictures, photos, text or other documents, videos, etc. According to our researchers, Satyr Ransomware skips directories like %WINDIR%, %PROGRAMFILES%, and %PROGRAMFILES(x86)%. What’s more, as said earlier, all affected files are supposed to be marked with a specific extension; this is where the malware’s name comes from. Lastly, when all targeted data is encrypted, the threat should drop a text document called READ ME.txt. It looks like it is placed on the user’s Desktop, and it is supposed to carry a short message saying: “All your data has been locked us. You want to return? Write Telegram: https://t.me/tony_montana10928 or @tony_montana10928 Your personal ID KEY: [ID]. ” However, you might find a more extended version of it in a pop-up window that should be displayed after the encryption process as well. The warning should not only ask the user to contact the hackers behind Satyr Ransomware, but also demand that the user pay 0.018 BTC to a specific Bitcoin wallet.
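The indicators described above (the .Satyr extension and the READ ME.txt note) are enough to measure how far the encryption reached before cleaning up. The following read-only triage script is an added example, not part of the original article; the function names, the sample tree and the assumption that the ID is the token following "Your personal ID KEY:" are ours.

```python
import os
import re
import tempfile
from pathlib import Path

EXT = ".Satyr"             # extension the article says is appended
NOTE_NAME = "READ ME.txt"  # ransom note file name from the article
# Assumption: the ID is the non-space token after this label in the note.
ID_RE = re.compile(r"Your personal ID KEY:\s*(\S+)")

def triage(root):
    """Walk root and report Satyr indicators without modifying anything."""
    report = {"encrypted": [], "by_dir": {}, "notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            # Windows file names are case-insensitive, so compare lowercased.
            if name.lower().endswith(EXT.lower()) and len(name) > len(EXT):
                original = name[: -len(EXT)]  # kittens.jpg.Satyr -> kittens.jpg
                report["encrypted"].append((str(path), original))
                report["by_dir"][dirpath] = report["by_dir"].get(dirpath, 0) + 1
            elif name.lower() == NOTE_NAME.lower():
                text = path.read_text(errors="replace")
                m = ID_RE.search(text)
                report["notes"].append((str(path), m.group(1) if m else None))
    return report

def build_sample(root):
    """Constructed sample tree: two marked files, one clean file, one note."""
    docs = Path(root) / "Documents"
    desk = Path(root) / "Desktop"
    docs.mkdir()
    desk.mkdir()
    (docs / "kittens.jpg.Satyr").write_bytes(b"\x00" * 16)
    (docs / "introduction.docx.Satyr").write_bytes(b"\x00" * 16)
    (docs / "untouched.txt").write_text("clean")
    (desk / NOTE_NAME).write_text(
        "All your data has been locked us. You want to return? "
        "Your personal ID KEY: SAMPLE-ID-0001")  # constructed ID value
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample(tmp))
        for path, original in result["encrypted"]:
            print(f"encrypted: {path} (was {original})")
        for path, victim_id in result["notes"]:
            print(f"ransom note: {path} id={victim_id}")
```

To scan a real profile, call triage() on the user's home directory instead of the sample tree; the per-directory counts in by_dir show which folders need restoring from backup.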

Naturally, it might look like a simple deal: you pay around 166 US dollars (the converted sum (0.018 BTC) at the moment of writing), and Satyr Ransomware’s creators decrypt your files as soon as they get the payment. Nevertheless, the reality could be different. Instead of helping the user, the malware’s creators may not bother to do anything at all; after all, the user would be unable to get the money back in any case. Also, they could try to extort even more money from you and promise to decrypt your files later on. Obviously, there might be quite a few different scenarios, and if you do not want to end up in any of these situations, we advise you not to take any chances and remove the malicious application.

To get rid of Satyr Ransomware manually, users could follow the deletion instructions located a bit below this text. They will explain what to do step by step. On the other hand, if you scroll down and the removal instructions seem to be a bit too difficult for you to handle, you could simply install a reliable antimalware tool. Scan your system with it, and the malware should be detected along with other possible threats.

Erase Satyr Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Go to the Task Manager.
  3. Find the malware’s process.
  4. Mark this process and click End Task.
  5. Exit Task Manager.
  6. Tap Win+E.
  7. Navigate to:
  8. Check if you can find the malicious file downloaded before the computer got infected.
  9. Right-click the suspicious file and press Delete.
  10. Go to your Desktop and find a document called READ ME.txt.
  11. Right-click the mentioned text file and select Delete.
  12. Close File Explorer.
  13. Empty your Recycle bin.
  14. Reboot the system.