A new variant of ransomware is causing panic among computer users recently; this ransomware is called Saturn and it has started affecting computers. MalwareHunterTeam recently found this ransomware variant and has reported that Saturn has been affecting computers recently and chances are, they will keep on spreading as more and more users are falling prey for the ransomware in recent days.
Ransomware and how it spreads:
A ransomware typically spreads through emails. Initially, it will start affecting new users by distinguishing itself as a genuine email. WannaCry used a tactic where it sent its users an email about deliveries from FedEx, UPS, DHL and much more about a delivery or a failed delivery. This lured users to click on the attachment without much caution leading into getting affected by these ransomware attacks. Below is an example of such:
Credits: qubSaturn variant:
Saturn Ransomware uses the same tactic as other ransomware and Saturn demands $300 from its victims if they contact them within a week’s time. The charges go higher if the infected user calls them and within a month’s time of failing to pay them will wipe your information off of their database.
Paying these hackers almost never gets these files back for you so please do not pay for them. I in my personal experience has not heard of one successful case of recovering all of their files back from these hackers except in one instance, the hacker gave the files back out of courteousness. So what happens to the encrypted files? Basically they become .saturn. To explain easily, if you have a document called taxrecords2018.pdf it will become taxrecords2018.pdf.saturn and thus becomes encrypted.
Once encrypted, they are unable to decrypt unless and until you’ve a decrypt key with you and it can be decrypted by some websites such as nomoreransom.org but trust me, it is a hectic process and the success rate is very low.
Resolution and prevention:
As mentioned, do not click any emails that you don’t trust. This is basics because most of the problems and not just ransomware starts with clicking emails from unknown sources so please do not click any links that you don’t trust at all.
Even after opening the emails, there is a chance that you can prevent yourself as none of the companies will send you a .exe extension at all. Never download any .exe from emails and most of the emails automatically filter such extensions. Sometimes, they look like yourdelivery.pdf.exe so never download such files at all costs.
If you get infected, chances are that you will never get the files back but you can surely try nomoreransom.org and there are certain decrypters available on the website that you can try.
Ransomwares such as WannaCry, Saturn will only spread if you’re not aware with what you’re doing most of the times, so with little caution and carefulness, one can simply just destroy such infections. Never trust any emails all together and make sure that you click links that you trust and open attachments that are genuine and you can stay relaxed and safe on the internet. You can share your thoughts and views on the comment section below.