1 of 7
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Sage Ransomware

Sage Ransomware is a well-developed computer infection categorized as ransomware. It means that the program enters your system and demands that you pay a ransom fee to retrieve your files. Unfortunately, no one can guarantee that this program will really issue the decryption key, so you would risk losing your money without the possibility to restore your files at once. Of course, you need to remove this program from your PC immediately, and for that, you can scroll to the manual removal instructions that you can find right below the description. Also, please consider investing in a licensed antispyware tool that would ensure your system’s protection.

Of course, it would be ideal if you could avoid getting infected with the application from the very start. Therefore, you should be more careful when you open emails from unfamiliar senders. Our research indicates that Sage Ransomware spreads via malicious attachments. The malicious attachments, in this case, refer to files that are sent to your inbox in a spam email message. Spam email campaigns can encompass multiple addresses, and sometimes the messages look like legitimate notifications from particular websites. It will look even more believable if they come from websites you are registered on. However, it is important to point out that reliable websites seldom send important documents as email attachments. What’s more, if you are not sure about the legitimacy of a particular file, you can always scan it with a security application, too.

Although we cannot confirm that independently, the infection claims that it uses the 4096-bit RSA key to encrypt your files. If the claim is accurate, it means that there is practically no chance you decrypt your files unless you get the original decryption key. This is why it seems you have to purchase it for 0.12621 BTC (around $95USD) from the criminals. They also give you four days to transfer the payment, otherwise, they say the decryption key will be destroyed and the possibility to restore your files will disappear for good.

Unfortunately, currently there is no public decryption tool available that would restore your files for free. Therefore, when you remove Sage Ransomware from your computer, you need to get rid of the encrypted files and then copy and paste healthy copies of your data into your hard drive. Where should you get those healthy copies from? Users are always encouraged to have a data backup, and we think that you will be able to find copies of your most important files in an external HDD or in some online storage. Just do not forget to get rid of the infection before you transfer back the files, because Sage Ransomware might encrypt the new files, too.

Now, as far as the infection itself is concerned, you can delete Sage Ransomware manually as well. For that, you need to know just how many files the infection drops, and where to look for them. Upon the infection, the program places itself in the %APPDATA% directory. The malicious file is an executable (.exe) that has a random filename. It might be a little bit hard to look for it if you seldom roam around your system’s directories, but you should be able to notice it because it does stand out with its random filename.

Also, there should be one image, three .txt, and three .html files you need to remove. These files will contain the ransom note in various forms. The names of all these files should be the same, but the files will be scattered across your computer. One will be on your desktop, and the rest should be in the %USERPROFILE%\My Documents and %TEMP% directory.

Let us not forget the installer file you have launched right before Sage Ransomware took over your system. You will find that file in your Downloads directory, or any other folder where you save downloaded files. Again, this file will have a random name, so the easiest way to find the newest file is to group your data by date.

On the other hand, if you do not want to go through this hassle, you can always remove Sage Ransomware with a security tool of your choice. It is always a good idea to have a computer security application because you can never know when you would have to fight malicious infections.

How to Remove Sage Ransomware

  1. Delete the ransom note file from your desktop.
  2. Press Win+R and the Run prompt will open.
  3. Type %USERPOFILE%\My Documents into the Open box and click OK.
  4. Remove the ransom note files from the directory.
  5. Press Win+R and type %TEMP%. Click OK.
  6. Delete the ransom notes from the directory and go to the Downloads folder.
  7. Remove the most recently launched file from the folder.
  8. Press Win+R and type %APPDATA%.
  9. Click OK and delete the random-name .exe file.
  10. Press Win+R once more and type %ALLUSERSPROFILE%\Start Menu\Programs\Startup.
  11. Click OK and remove a random-name shortcut from the folder.
  12. Run a full system scan with a security application.
Download Spyware Removal Tool to Remove* Sage Ransomware
  • Quick & tested solution for Sage Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.