Ransomware is a malicious program that encrypts the files and folders on a computer and holds them hostage. It does this for the benefit of cybercriminals, who then demand that a ransom, usually in Bitcoins, be paid before the victim can access their files again.
Nowadays, ransomware attacks are a massive cybersecurity threat, as they happen with worrying frequency. There are even reports that a ransomware attack takes place every 14 seconds! More worrying still are the many strains of ransomware that keep rearing their ugly heads. This makes it hard for cybersecurity experts to keep up with the ever-evolving threat.
In this article, we shall be discussing one such ransomware strain called Sage.
What Can the Sage Ransomware Do?
The Sage ransomware is a malware strain from the now defunct TeslaCrypt ransomware family. Like any other ransomware, Sage scans the victim’s computer for predetermined file types and encrypts them with a powerful encryption algorithm. After this, it leaves a ransom note that reads as follows:
the Sage encrypted all your files!
All your files, images, videos, and databases were encrypted and made inacessible by software known as the Sage.
You have no chance to restore the files without our help.
But if you follow our instructions files can be restored easily.
Instructions on how to get your files back are stored on every disk,
in your documents and on your desktop.
Look for files !Recovery_2g0zr9.txt and !Recovery_2g0zr9.html
If you can’t find this files, use the program ‘Tor Browser'(you can find it in Google)
to access the (onion)Web site http://qbxeaekvg7o3lxnn.onion to get your instructions’
Once Sage has reached this stage, there is nothing that can be done to recover the encrypted files, as they are usually encrypted with the military-grade AES-256 encryption standard.
While you might consider paying the ransom, usually $530 worth of Bitcoins, if your computer has been infected, it is not something that we would encourage. Cybercriminals are not the kind of people that you should trust to keep their word, and even if they do, who is to say that they won’t attack you in the future, especially now that you have demonstrated your willingness to cooperate?
What you need to do after a ransomware attack is to terminate the Sage ransomware ASAP.
How to Remove the Sage Ransomware
Part of the reason that the TeslaCrypt family of ransomware became defunct is that cybersecurity researchers understand how its members operate and have thus equipped anti-malware software solutions with the means to detect and stop them. This is to say that all you need to remove the Sage ransomware is a powerful anti-malware tool such as Outbyte Anti-Malware. It will do a comprehensive scan that looks for the Sage malware’s signatures and behaviors.
When a malware threat is as big as the Sage ransomware, we normally recommend that you run your computer in Safe Mode with Networking.
Safe Mode prevents apps other than those that come with the Windows OS from launching automatically, while the networking option allows you to access the internet and other network resources. Here is how to get to Safe Mode with Networking on a Windows 10 device:
- On the Windows Sign in Screen, press Shift + Restart.
- Windows 10 will reboot and present the Choose an option screen. Select Troubleshoot.
- Go to Advanced options -> Startup Settings -> Restart.
- Press 5 or the F5 key to boot to Safe Mode with Networking.
Launch the anti-malware software only once you are in Safe Mode with Networking. If you don’t have it on your device, use the internet to download it.
Another tool that you need to bring to your fight against the Sage ransomware is a PC repair tool. The repair tool will run a system-wide scan of your device, locating and deleting junk files, stopping speed-reducing issues, and repairing broken or missing registry entries. In other words, while the anti-malware software will crush the virus, it is the PC repair tool that will nurse your computer back to health.
Windows Recovery Tools
Supposing you don’t have the luxury of buying Outbyte Antivirus, what else can you do to remove the Sage ransomware?
The Windows OS offers a raft of options that let you undo harmful changes to your computer. These range from the mild System Restore to the more drastic Use installation media to reinstall Windows. Since we cannot possibly cover all the options in this piece, we shall discuss two of these.
System Restore is a Windows recovery tool that relies on what is called a restore point which acts like a ‘snapshot’ of the Windows OS at a point in time.
So, if you have such a ‘snapshot’, you can use it to return your computer to a previous performance level. Getting to System Restore is easy, and if you actually took the steps leading to Safe Mode with Networking, you might have seen the System Restore option under Advanced options.
Once you click on this option, you will see the list of restore points that are available on your computer. Select one and proceed with the System Restore process.
Although great in many ways, the System Restore tool has its limitations. The foremost of these is that restore points must exist, and they need to have been created prior to the PC issue that needs to be solved. The other limitation is that some malware strains are known to delete restore points so as to ensure that affected victims have no way of recovering their files and folders.
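A check for the two limitations just described, as an added example that is not part of the original article: it looks for the ransom notes named earlier and lists only the restore points created before the first note appeared. It assumes an elevated Windows PowerShell 5.1 session, that the `2g0zr9` suffix in the note names varies per victim (hence the `!Recovery_*` pattern), and that the earliest note's creation time is a reasonable estimate of when the ransomware ran.

```powershell
# Added example: assumes Windows PowerShell 5.1 in an elevated session.
# The '!Recovery_*' pattern generalizes the note names quoted above (assumption).
param(
    # Folders to search for ransom notes; defaults to the current user's profile.
    [string[]]$Roots = @($env:USERPROFILE)
)

# 1. Locate Sage-style ransom notes (.txt and .html).
$notes = foreach ($root in $Roots) {
    Get-ChildItem -LiteralPath $root -Recurse -File -Filter '!Recovery_*' -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.txt', '.html' }
}
if (-not $notes) {
    Write-Output 'No !Recovery_* ransom notes found under the given folders.'
    return
}

# 2. Heuristic: the earliest note creation time approximates when the ransomware ran.
$firstNote  = $notes | Sort-Object CreationTime | Select-Object -First 1
$infectedAt = $firstNote.CreationTime
Write-Output "Earliest ransom note: $($firstNote.FullName) ($infectedAt)"

# 3. List restore points; CreationTime is a WMI date string and needs converting.
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue | ForEach-Object {
    [pscustomobject]@{
        SequenceNumber = $_.SequenceNumber
        Description    = $_.Description
        Created        = $_.ConvertToDateTime($_.CreationTime)
    }
})

# 4. Only restore points created before the first note are candidates.
$usable = @($points | Where-Object { $_.Created -lt $infectedAt })
if ($points.Count -eq 0) {
    Write-Output 'No restore points exist (never created, or deleted).'
} elseif ($usable.Count -eq 0) {
    Write-Output 'Restore points exist, but none predate the ransom notes.'
} else {
    $usable | Sort-Object Created -Descending | Format-Table -AutoSize
}
```

If the script reports no usable restore points, System Restore is not an option and the Reset this PC route applies.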
Reset this PC
The Reset this PC recovery tool lets you do just that, that is, reset your device to its defaults. To reset your Windows 10 device, take the following steps:
- Open the Settings app by pressing the Windows + I keys.
- Navigate to Change PC settings > Update & Recovery > Recovery.
- Choose the Remove Everything option to reset your PC. The reason you would want to do this is that with the Sage ransomware, your files can never be recovered.
- Click Get Started.
- From here, proceed by following the instructions on the screen.
Even without an antivirus, resetting your PC should remove all malware entities from your computer. Now, all you have to do is to make sure that you never get infected again.
How to Prevent Ransomware from Infecting Your Computer
Preventing a malware infection is a tall order for anyone, including the best in the field of cybersecurity, but it can be done. All you need is to follow simple safety rules. Here is a list of the most important:
- Install anti-malware software on your device and scan your computer daily if possible.
- Avoid visiting sites that have no security seal or that serve too many advertisements.
- Check the authenticity of messages, emails, and security alerts before responding to them.
- Have a backup of your most important files so that even if you are a victim of a nasty ransomware attack, you will have a way to recover them.
- Lastly, always keep your computer clean by deleting cookies, browsing history, apps, and other files that you no longer need.