Satan ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. It encrypts stored data using RSA-2048 and AES-256 cryptography and appends the “.stn” extension to the names of encrypted files (e.g. filename.jpg.stn). As reported by PCrisk.com, Satan's developer offers it as a service that lets cyber criminals make money by distributing the ransomware.
This ransomware-as-a-service (RaaS) offering, which lets users tailor their own code and ransom demands, was discovered on the Dark Web. As mentioned by ZDNet, it cost around $1 billion in damages over 2016 alone.
Satan's HTML file contains a ransom demand claiming that the system’s files are encrypted and that restoring them is impossible — which researchers say is sadly true at this stage, as the malware uses RSA-2048 and AES-256 cryptography — and so paying up is the victims' only option if they want their files back.
The ransom note then guides victims to install the Tor browser, which is a requirement to reach web domains which are not indexed by typical search engines. Victims are then given the .onion link to Satan’s payment page. There, they have to pay up in Bitcoin in return for keys to decrypt files, but the amount depends entirely on the RaaS user’s specifications.
To use the Satan RaaS platform, a user must sign up for an account on the malware’s domain, which is hosted on the Dark Web. To decrypt, the user must pay a specific amount by Bitcoin transfer.
The platform includes several features, among them fee payment records, dropper creation, transaction tracking and Satan version releases. It also allows the user to create notes related to victims.
Satan's creator warns users not to upload their malware to VirusTotal or any other scanners. The step is taken by the creator to protect Windows machines from the threat. Also, the user can translate their malware into different languages.
While the threat level of the Satan malware is high as there are no free decryption services available, thankfully, recorded infection and exposure rates are low.
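Because encrypted files keep their original name with “.stn” appended, a file share can be triaged for the renaming pattern described above. The Python below is an added example, not code from the article or its sources; the function names, the 50% threshold and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

SATAN_EXT = ".stn"  # extension the article says is appended to encrypted files


def original_name(name):
    """Return the pre-encryption name for 'photo.jpg.stn'-style names, else None.

    An inner extension is required, so a lone 'layout.stn' (possibly an
    unrelated file format) is not counted. That rule is this example's choice.
    """
    p = Path(name)
    if p.suffix.lower() != SATAN_EXT:
        return None
    inner = p.stem  # e.g. 'photo.jpg'
    return inner if Path(inner).suffix else None


def triage(root, min_ratio=0.5):
    """Walk root and return [(directory, renamed, total)] for directories where
    the share of renamed files is at least min_ratio, worst first."""
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        renamed = sum(1 for f in files if original_name(f))
        if files and renamed / len(files) >= min_ratio:
            rows.append((dirpath, renamed, len(files)))
    return sorted(rows, key=lambda r: r[1], reverse=True)


def build_sample_tree(root):
    """Constructed sample data: one mass-renamed folder, one clean folder."""
    layout = {
        "docs": ["report.docx.stn", "budget.xlsx.stn", "scan.pdf.stn", "note.html"],
        "tools": ["setup.exe", "layout.stn", "readme.txt"],
    }
    for folder, names in layout.items():
        (Path(root) / folder).mkdir()
        for n in names:
            (Path(root) / folder / n).write_bytes(b"constructed sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, renamed, total in triage(tmp):
            print(f"{directory}: {renamed}/{total} files carry {SATAN_EXT}")
```

Directories that pass the threshold show which data was hit and what needs restoring from backup; the recovered original names help match files against backup inventories.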