Home / Spyware Help / Sadstory Ransomware Removal Guide

Sadstory Ransomware Removal Guide

by 0 Comments

Do you know what Sadstory Ransomware is?

According to our malware analysts, Sadstory Ransomware is a highly malicious computer infection that you ought to remove from your computer as soon as possible because it has been created for the single purpose of encrypting your personal files and demanding that you pay a ransom for the decryption key. This particular ransomware can enter your computer secretly, so the only way to avoid getting it on your PC is to have an anti-malware program installed on it. If your PC has become infected with this ransomware and you want to find out more about it, then we invite you to read this whole article.

Our malware researchers have concluded that Sadstory Ransomware belongs to the CryPy Ransomware family, so it is similar to CryPy Ransomware and its clones. There is no information about this ransomware’s developers, but it is clear as day that they are nothing more than cybercriminals that want to extract your money from you.

Malware researchers say that this new ransomware might be distributed via Exploit kits, DLL file attacks, or malicious JavaScript. They also think that the malicious program might be distributed in malicious emails that might be disguised as legitimate. The emails ought to contain a malicious file that may be an aforementioned JavaScript file or a DLL file that will then download the main executable file. The executable file might be named as ReadMe.pdf.exe and should be placed in %LOCALAPPDATA%. Now, let us move onto how this ransomware works.Sadstory Ransomware Removal GuideSadstory Ransomware screenshot
Scroll down for full removal instructions

Malware analysts say that Sadstory Ransomware was configured to encrypt your files with the AES-256 encryption algorithm. This algorithm features a 256-bit encryption key, so the encryption is quite strong and, to our knowledge, there is no free third-party decryption tool that could crack this program’s unique encryption. Furthermore, this ransomware creates a unique encryption key for each infected computer and a corresponding decryption key that should be sent to a remote server because it does not look like this ransomware stores the decryption key locally.

Testing has shown that this particular ransomware is set to move all encrypted files to a folder named __SAD STORY FILES__. It also renames all files and adds a ".sad" file extension. After the encryption is complete, it launches a CMD window that tells you that the password you entered is longer than 14 characters. Of course, this has nothing to do with your computer’s password whatsoever. This ransomware is set to delete a random file every 6 hours if you hesitate to pay. Also, if you do not pay the ransom within 96 hours, then the developers will delete the decryption key, and you will be unable to decrypt your files. It drops a ransom note named SADStory_README_FOR_DECRYPT.txt that is set to provide you with instructions on how to buy the decryption program.

In order to buy the decryption program, you have to message the cyber criminals using one of the provided email addresses (tuyuljahat@hotmail.com or lucifer.fool@yandex.com), but you have to send them your unique identification ID featured in the note. Unfortunately, we do not know how much money the developers of this malware want you to pay but consider the fact that your files might not be worth the money if, for example, they want you to pay 2,000 USD.

In closing, Sadstory Ransomware is one highly malicious computer infection that was designed to encrypt many of the files on your PC and demand that you pay money for the decryption program. Paying the ransom might not be economical, and there is no guarantee that you will receive the decryption key at all. If your PC has been infected with this ransomware and you have made the decision to remove it, then please follow the guide featured below. Alternatively, you can use SpyHunter, our featured anti-malware application.

How to remove Sadstory Ransomware

  1. Simultaneously hold down Windows+E keys.
  2. Enter %LOCALAPPDATA% in the File Explorer’s address box.
  3. Press Enter.
  4. Find ReadMe.pdf.exe, right-click it and click Delete.
  5. Go to your Downloads folder and delete all recently downloaded suspicious executable (.exe) files.
  6. Empty the Recycle Bin.

In non-techie terms:

Sadstory Ransomware is one nasty computer infection that can cause you a lot of trouble. Its developers are nothing more than cyber crooks that want to extort money from you. So this program was designed to encrypt your files and so that you could not access them. Instead of paying the ransom, we advise that you remove it from your computer entirely.