SARansom ransomware

September 11, 2018

What is SARansom

SARansom – a dangerous virus which enters the system unnoticed and encrypts files with the .enc extension.

SARansom ransomware is a file-encrypting virus which was first noticed in August 2018. This cyber threat appears as the SARansom.exe process in the \ Desktop \ -> \ User_folders \ -> \% TEMP% \ folder. It is known that the developer claims to be “Alex”. Furthermore, SARansom virus uses the AES-256 encryption algorithm to lock up valuable files on the infected computer and add the .enc extension to each corrupted document. After the encryption, the ransomware displays a ransom note which urges victims to pay the demanded 5 Bitcoin ransom and send evidence of the transfer to

SARansom ransomware

Once installed, SARansom ransomware might show such symptoms:

Files are encrypted and the .enc extension is added; A ransom message is displayed; Dubious changes have been made in the Windows Registry. Download Removal Toolto remove SARansom

The ransom note looks like this:

Ransomware such as SARansom uses unique encryption codes to lock up important documents. Such keys differ each time when the crook makes an attempt against a new user. Because of that, it is almost impossible to discover the secret code. Moreover, all decryption and encryption keys are stored on remote servers which can be reached only by cybercriminals themselves.

However, do not rush and think of a better option than paying the criminals. Notice that you might face many losses and can get scammed. We recommend performing the SARansom removal by a trustworthy anti-malware tool such as . After you carry out the elimination, you can try some methods that are displayed below this article if wanting to recover encrypted data.

Moreover, you need to remove SARansom virus because there is a possibility that such ransomware-type viruses might infect your computer system with other malware by weakening your system security. After you proceed with the elimination, make sure you take care of valuable documents in the future. Purchase a USB drive and store documents of important files in it. Even though if some threat corrupts data which is located in your computer, it will not be able to reach files that are stored on an external device.

How does SARansom works

Ransomware is one of the most dangerous malware forms that are very common nowadays. Such viruses manage to sneak into the computer system unnoticed and start their damaging actions slightly. According to malware researchers, ransomware-type viruses usually distribute in two ways:

Spam emails. Cybercrooks drop numerous damaging messages to victims’ email boxes. A spam email might include a hazardous attachment or link. If you encounter such dubious content – eliminate it immediately. Third-party sources. Ransomware infections can spread through secondary sites such as P2P networks. These types of networks come improperly disclosed and might lack protection. Avoid visiting non-original websites and clicking on their provided links. Download Removal Toolto remove SARansom

Additionally, a piece of advice would be to download and install antivirus protection. Make sure you choose a highly-recommended tool and perform regular updates. This type of program will let you carry out regular system scans and will detect all infections that managed to slip through the security barrier.

How to delete SARansom

If you want to remove SARansom virus from your computer system permanently and get rid of all hazardous components, you need to install an expert-recommended anti-malware tool. We suggest choosing from , , or Anti-MalwareNorton Internet Security. If you perform all steps as required, your computer system will be able to function properly again.

After you carry out the SARansom removal, you can start thinking about data recovery. Below the article, you will see some third-party software that might be helpful in such case. Perform each step as shown in the instructions. Additionally, do not forget to refresh the system after you get rid of the cyber threat from your computer.

Stage 1: Delete Browser Extension

First of all, we would recommend that you check your browser extensions and remove any that are linked to SARansom. A lot of adware and other unwanted programs use browser extensions in order to hijacker internet applications.

Remove SARansom Extension from Google Chrome

  1. Launch Google Chrome.
  2. In the address bar, type: chrome://extensions/ and press Enter.
  3. Look for SARansom or anything related to it, and once you find it, press ‘Remove’.

Uninstall SARansom Extension from Firefox

  1. Launch Mozilla Firefox.
  2. In the address bar, type: about:addons and press Enter.
  3. From the menu on the left, choose Extensions.
  4. Look for SARansom or anything related to it, and once you find it, press ‘Remove’.

Delete SARansom Extension from Safari

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Select Preferences from the list.
  4. Choose the Extensions tab.
  5. Look for SARansom or anything related to it, and once you find it, press ‘Uninstall’.
  6. Additionally, open Safari Settings again and choose Downloads.
  7. If SARansom.safariextz appears on the list, select it and press ‘Clear’.

Remove SARansom Add-ons from Internet Explorer

  1. Launch Internet Explorer.
  2. From the menu at the top, select Tools and then press Manage add-ons.
  3. Look for SARansom or anything related to it, and once you find it, press ‘Remove’.
  4. Reopen Internet Explorer.In the unlikely scenario that SARansom is still on your browser, follow the additional instructions below.
  5. Press Windows Key + R, type appwiz.cpl and press Enter
  6. The Program and Features window will open where you should be able to find the SARansom program.
  7. Select SARansom or any other recently installed unwanted entry and press ‘Uninstall/Change’.

Alternative method to clear the browser from SARansom

There may be cases when adware or PUPs cannot be removed by simply deleting extensions or codes. In those situations, it is necessary to reset the browser to default configuration. In you notice that even after getting rid of weird extensions the infection is still present, follow the below instructions.

Use Chrome Clean Up Tool to Delete SARansom

  1. Launch Google Chrome.
  2. In the address box, type: chrome://settings/ and press Enter.
  3. Expand Advanced settings, which you can find by scrolling down.
  4. Scroll down until you see Reset and Cleanup.
  5. Press on Clean up computer. Then press Find.

This Google Chrome feature is supposed to clear the computer of any harmful software. If it does not detect SARansom, go back to the Clean up computer and reset settings.

Reset Mozilla Firefox to Default

If you still find SARansom in your Mozilla Firefox browser, you should be able to get rid of it by restoring your Firefox settings to default. While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

  1. Launch Mozilla Firefox
  2. Into the address box, type: about:support and press Enter.
  3. You will be redirected to a Troubleshooting Information page.
  4. From the menu on the right side, select Refresh Firefox.
  5. Confirm your choice by clicking Refresh Firefox in the new window.
  6. Your browser will close automatically in order to successfully restore the settings.
  7. Press Finish.

Reset Safari Browser to Normal Settings

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Press Reset Safari.
  4. A new window will appear. Select the boxes of what you want to reset or use the screenshot below to guide you. Once you have selected everything, press ‘Reset’.
  5. Restart Safari.

Restore Internet Explorer to Default Settings

  1. Launch Internet Explorer.
  2. From the top menu, press on Tools and then Internet Options.
  3. In the new window that opens, choose the Advanced tab.
  4. At the bottom of the window, below Reset Internet settings, there will be a ‘Reset’ button. Press that.

While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

Leave a Reply

Your email address will not be published. Required fields are marked *