Saturn ransomware was recently discovered by at least several cyber security researchers and immediately put under the radar due to its’ unusual nature – Saturn is distributed for free as a tool that let’s anyone to become an amateur hacker and steal money from users.
This phenomenon even has a special name – Raas (Ransomware as a service). It is an affiliate program that lets anyone to get access to the files of this ransomware and distribute it themselves. When the ransom is paid, distributor gets 70% of the profit, while the original developer of Saturn ransomware gets the other 30%.
What does that mean to you as an user who seeks to protect your computer from malware and other possible threats online? It makes this virus more severe – a lot of distributors might use various different distribution methods. Saturn virus is actively distributed right now and cyber security experts can’t tell one exact method that is used to get inside of users’ computers. That’s because there are a bunch of them and you should always be careful.
Encrypting files, asking for $300
Once inside of the computer, Saturn ransomware will try to employ RSA encryption method to lock files stored on the hard drive. This technique is common, used by ransomware infections like TBlocker virus or FriedEx virus.
In order to maximise chances of successful infection, Saturn Ransomware attempts to delete all shadow copies stored on the system and disable or even remove anti-malware or anti-virus programs that might disturb the infection. However, we assure you that a decent anti-malware application will be able to deal with this kind of virus.
The encryption process itself aims to identify files stored on your hard drive and add an unique extension “.saturn” to the end of every of your personal file. This way they are encrypted with strong RSA encryption and from the exact same moment you won’t be able to open or use those files anymore.
Saturn ransomware also wants you to know about its’ presence – it will create two files called “#DECRYPT_MY_FILES#.txt” and “#DECRYPT_MY_FILES#.html” and place them on the desktop. It is so-called ransom note that will store all information about current state of the computer and how you should pay the ransom.
Original text from the ransom note:
S A T U R N
All of your files have been encrypted!
To Decrypt your files follow these steps:
1. Download and install the “Tor Browser” from https://www.torproject.org
2. Run it.
3. In the Tor Browser, open website:
4. Follow the instructions on the page
Cyber criminals want you to visit their website through the Tor browser. If you follow these instructions, you will end up on a website with these instructions:
Saturn Decryptor Home FAQ Support
All your docu ments, photos, databases and other Important
To restore your files you have to buy a special sottware called ‘Satum Decryptor”
If you pay within 7 days the price will be ~300$ (003086896 BTC)
After 7 days the price will rise to -600$ (006173792 ETC)
Your files will be recoverable tor a month. after that your files are forever gone.
Special price will end in 6 days. 23 hours. 59 minutes.
How to buy Saturn Decryptor
The only payment method we accept is Bitcoin. Below is a step by step guide lor buylng Bitcoins. ll you need any more help contact our support or
search from gooole
l. You have to create a BitcointBTC) wallet.
We recommend the most popular wallet blockchain info or coinbase corn
2. You have to buy some Bitcoins lo your wallet
Buy more than 0.03 bitcoin.
We recommend the following trusted sites to buy bitcoin from (not related to this site in any way)
0 localbincoins com
3. Send 0.03 bitooins to the Bitcoin address below:
4. Walt for tho payment to get conllrmcd.
Retresh the page to see up to date payment stems,
S. Once the payment is confirmed you can download “Saturn Decryptor’.
You will be then automatically redirected tn the download page.
No payment found
As you can see, your files are locked and the only way to unlock them is to purchase Saturn decryptor for 300$ if you do it within 7 days. After that, the price will double.
However, we suggest not to do that – it’s not yet confirmed that cyber criminals will unlock your files even if you do pay the ransom. Moreover, communicating with them might be also dangerous.
There are some good and bad news. Bad news is that currently “.saturn” files are not decyptable. That means your files will be locked at least for a little longer. Good news are that you can easily remove Saturn ransomware from your computer and that there are alternative methods for decrypting those files.
First of all, to remove this virus, we suggest you to get yourself a reliable anti-malware application and scan the computer with it. Try using Spyhunter for this task. Either one of those programs should have no problems in detecting and removing malicious files of Saturn virus.
Next, if you have a valid backup copy of your disk that was stored on an external drive or on a cloud (otherwise it would get damaged by the ransomware), you can follow these instructions to restore files that are now encrypted.
Automatic Malware removal tools