safeanonym14@sigaint.org Ransomware

As strange as it might sound, users who encounter safeanonym14@sigaint.org Ransomware may consider themselves lucky since the infection’s creators have made a mistake. It appears to be that even though the malware locks particular personal files on the computer, it also gives away the password needed to decrypt the damages files. Of course, the malicious application could be updated in the future, and the mistake of revealing the password to the threat’s victims could be fixed, so we cannot guarantee the method explained in the article will work for everyone. Nonetheless, we would advise you to try it if you have no other option and the damaged files are irreplaceable to you; after all, you have nothing to lose. Once the data is restored, it is important to erase the malware as soon as possible. To make it easier for users who would like to get rid of safeanonym14@sigaint.org Ransomware manually we placed removal instructions just below the article.

Generally speaking, the main idea behind any ransomware application is to take the user’s data as a hostage and try to extort money from the victim while promising to provide the needed tools for encrypted files’ restoration. The ones who created safeanonym14@sigaint.org Ransomware ask their victims to pay 100 US dollars, but their ransom note may not appear until all targeted data on the computer gets locked. Our researchers say this malware should encrypt files that are placed on the Desktop, Downloads, Documents, Pictures, Music and Video folders. It means data on any other folder are supposed to remain unencrypted. You can also easily recognize damaged data from the additional extension (.enc) that is appended to each locked file. When the encryption process comes to an end, the threat should open a window containing the ransom note.

The message from the malicious application’s developers might shortly explain what happened to your data and give you instructions on what to do to be able to recover it. To be more precise, it demands victims to transfer 100 US dollars to the provided Bitcoin address. As the note specifies the money transferring must be made in 24 hours because after that the decryption password might be deleted permanently. After making the payment, users are instructed to email transaction details and their IP address to safeanonym14@sigaint.org Ransomware’s creators. In exchange, they promise to send the decryption password. Needless to say, we advise against paying the ransom since there is a possibility to decrypt files without paying and there are no guarantees the decryption password will be sent as they promise.

Like we said in the beginning, safeanonym14@sigaint.org Ransomware’s creators made a vital mistake when they were developing the malware. Consequently, once the user accidentally executes the malicious program, it could show him a dialog box containing the password. It might show it only for a moment, so you may be unable to memorize it, especially if you do not yet realize the computer was infected. Fortunately, the decryption key should be stored on the victim’s computer and you could get it if you restart the system in Safe Mode. Then, users should launch the Registry Editor, find HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion path and look for a value name called pass; its value data should reveal the decryption password. For more detailed steps and further instructions on how to decrypt your data follow the removal steps, we placed at the end of this article.

Keep it in mind that if you want to try to get the decryption password, you should delete the malicious application only after the locked data is fully restored. The malware’s displayed window is also a decryption tool, so it is necessary to unlock the damaged files. Unless you have backup files and you are guaranteed you do not need the decryption password. In such case, users could erase the infection as soon as possible. The instructions placed below will show how to eliminate safeanonym14@sigaint.org Ransomware manually, although it might seem a bit too difficult for some users. Under such circumstances, we would advise you to restart the computer in Safe Mode with Networking and download a reliable antimalware tool that could delete the threat for you.

Restart your system in Safe Mode with Networking

Windows 8/Windows 10

1. Tap Win+I for Windows 8 or open the Start menu for Windows 10.
2. Click the Power button
3. Press Shift and hold it as you click Restart.
4. Choose Troubleshoot and pick Advanced Options.
5. Select Startup Settings and click Restart.
6. Press the F5 key and restart the PC.

Windows XP/Windows Vista/Windows 7

1. Go to Start, pick Shutdown options and click Restart.
2. Press and hold F8 when the computer starts restarting.
3. Select Safe Mode with Networking from Advanced Boot Options window.
4. Click Enter and log on to the computer.

Get the decryption password

1. After you restart the computer in Safe Mode press Win+R.
2. Type Regedit and click OK.
3. Navigate to the following path: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion
4. Find a value name called pass, right-click it and choose Modify.
5. The decryption password should be given in the value data box.
6. Write down the password exactly as it is.
7. Restart the computer normally.
8. When the malware’s window appears, enter the code and press DECRYPT.

Eliminate safeanonym14@sigaint.org Ransomware

1. Press Win+R, type Regedit and click Enter.
2. Navigate to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3. Find a value name called svchost, right-click it and press Delete.
4. Close the Registry Editor.
5. Open the File Explorer.
6. Go to %HOMEDRIVE%\Logs\System\Windows\DefaultApplications
7. Locate a file titled as svchost.exe, right-click it and select Delete.