An Inside Look at a Ransom Note


Jul 22, 2016

Satana Demands Payout and Warns Against Recovery Attempts

With ransomware attacks making headlines nearly every day in 2016, it seems that IT security professionals and the cybercriminals that try to outsmart them are in a constant battle for lead position—and lately, it seems that the cybercriminals are winning.

Recently, yet another strain of ransomware was discovered in its early sample form. Satana (“Satan” in Italian) is a Trojan that encrypts files and corrupts the Windows Master Boot Record (MBR), halting the Windows boot process and injecting its own code into the MBR. Unlike sister malware Petya, which relies on help from tagalong Trojan Mischa, Satana doesn’t mess around with the Master File Table (MFT). It goes straight for the jugular and manages both injecting code and encrypting PC files all by itself. So, Satana seems to be an evolved version of Petya in that it doesn’t need anyone’s help—except for the human on the other end of the reboot function—in order to infect and encrypt a user’s computer.

Once Satana has successfully installed itself on its victim’s computer, it will launch its ransom note, which reads, in part:

“You had bad luck. There was crypting of all your files in a FS bootkit virus<!SATANA!> To decrypt you need to send on this E-mail: [email protected] your private code: C98F4DEC6A….”

…and so on. Eventually, the ransom note gets to the point where it instructs victims to pay the bitcoin equivalent of $340. The note, which blasts itself in bright red text against a sinister black background, ends with a call to action that tells users where to enter their decryption code to regain access to their files. The malware signs off with, “Good luck! May God help you! <!SATANA!>”

Kaspersky Lab has dubbed the Russian-linked Satana the “ransomware from hell.” According to Kaspersky Lab, researchers have identified six email addresses that serve as contact information for Satana’s victims, who must request payment and other instructions in order to receive the decryption key to unlock their files.

In order to fulfill the ransom and unlock encrypted files, the cybercriminals behind Satana demand that victims pay around 0.5 bitcoins, or approximately $340.

For the advanced and technically adept victims of Satana, there may be a light at the end of the tunnel. Experts have revealed that there is a way to at least partly bypass the MBR to gain access to the infected operating system and restore it—but be forewarned, this solution is only meant for experienced victims with very advanced technical skills.

Problematically, while you may be able to restore your OS, researchers have yet to figure out a solution that will give Satana victims access to their encrypted files. It seems that, at least for now, victims have only one option in order to decrypt their stolen files—and that is to pay up.

The good news, for the time being, is that Satana is still in its infancy; it is not widespread, and researchers have uncovered errors and weaknesses in its code. On the flip side, it appears that Satana is positioned to evolve over time, and with its comprehensive method of attack, it has the potential to become the next major threat in the ransomware world.

To stay vigilant against ransomware threats, remember to always:

  1. Back up your data on a regular basis.
  2. Don’t open suspicious email attachments.
  3. Use trustworthy anti-virus software and keep it updated.
  4. Consult a professional if you need to bolster your security or you suspect you’ve been compromised.
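
As a defensive counterpart to the MBR tampering described earlier in this article, here is an added example (not from the original post or from Kaspersky Lab) that parses a 512-byte MBR image and compares it with a saved known-good copy. The sample sectors are constructed for illustration, and treating the first 440 bytes as boot code is an assumption based on the standard modern MBR layout.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # assumption: modern layout, bytes 0-439 hold bootstrap code
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"   # required at bytes 510-511

def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR sector into signature check, boot-code hash, partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        # status, (CHS skipped), type, (CHS skipped), first LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0 marks an unused slot
            parts.append({"index": i, "bootable": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == BOOT_SIG,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}

def compare_to_baseline(current: bytes, baseline: bytes) -> list:
    """Return human-readable findings; an empty list means no change."""
    cur, base = parse_mbr(current), parse_mbr(baseline)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table differs from baseline")
    return findings

def sample_sector(boot_code: bytes) -> bytes:
    """Constructed sector: given boot code plus one bootable NTFS (0x07) entry."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1_000_000)
    return boot_code.ljust(446, b"\x00") + entry + b"\x00" * 48 + BOOT_SIG

# Constructed inputs, not real malware or a real disk image.
BASELINE = sample_sector(b"\xfa\x33\xc0" + b"\x90" * 100)
MODIFIED = sample_sector(b"\xeb\x3c" + b"\x41" * 200)

if __name__ == "__main__":
    # In practice, read the first 512 bytes of the disk with admin rights
    # and keep the known-good copy offline alongside your data backups.
    print(compare_to_baseline(BASELINE, BASELINE))
    print(compare_to_baseline(MODIFIED, BASELINE))
```

An empty result means the boot sector still matches the baseline; any finding is a reason to investigate before the next reboot.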
