Recently 360 Cloud Center has detected a new ransomware – SATURN ransomware, which disguised itself as a Flash update to infect user’s computer, encrypt critical files, and further blackmail for $300 dollars in Bitcoin to save those files. The attackers threaten to destroy all the files if the ransom is not paid in time.
The ransomware creator provides free ransomware promises a very high commission to instigate people to spread it by utilizing the multi level marketing strategy. This structure has made the spread of SATURN more frightening since anyone can do it effortlessly with no cost.
Beware of fake Flash plugin popup
SATURN ransomware fakes itself as a Flash plugin and pops up a window when you visit a website that contains malicious code. Once you execute the file on the computer, SATURN first disables Windows repair and backup options, and then delete all the shadow copy backups to block data recovery. (Learn more: Bad rabbit ransomware disguises itself as a fake Adobe Flash installer)
After that, SATURN begins to encrypt practically all data file types, including documents, spreadsheets, slides, images, mp3, etc., and changes the file extension to “.SATURN”. Then a blackmail warning with voice notification shows up and instructs you how to save files and pay the ransom.
Saturn ransomware’s blackmail warning
The message says:
“All of your files have been encrypted! Your photos, videos, documents, etc. To decrypt your files follow these steps:
1. Download and Install Tor Browser from https://torproject.org
2. Run it and open website
3. Follow the instructions on the site.
Victims are instructed to buy a software called “SATURN Decryptor” and pay a $300 ransom in Bitcoin. If the ransom is not being paid, it will double after 7 days; and if the victims doesn’t “buy” back the files, those encrypted files will disappear forever.
When a cybercriminal knows marketing well…
“Inspired by” the idea of multi level marketing (MLM), the creator of SATURN provides ransomware module through a cloud service for FREE. The bottom level of malware spreader can get 70% commission of the revenue. With such scheme, no initial cost or no technological investment is needed, anyone can come up with their own SATURN variants and propagate the malware like sending an email. The “business model” of SATURN, possibly the most effective so far, has attracted many attackers to try out and makes the malware highly active, popular and diverse in a undesirable way, threatening the Internet security and all online users.
For 360 users, we recommend you to do the following to protect yourself.
1. Download and update required files from official websites.
2. Be caution when you click, download, or open any files and emails.
3. Backup important files regularly. (Try 360 Document Protector)
4. Keep 360 Total Security working and updated.
There are countless threats in the wild, yet we are always here doing our best to protect your PC and pocket!