Beware Sage 2.0 the new ransomware that has been gaining traction in January. The new ransomware is spread via an email with an attachment. The email subject line is often the recipient’s name and then an attachment zip file which again contains the email recipients name.
The attachment usually contains a zip file with a pdf inside or a zip within a zip file. The zip file contains a document that when opened installs a virus that locks out the person’s access to their files and programs. After the script has run, it closes the unlucky computer owner out of accessing anything of value on the computer.
This message will pop up –
Sage 2.0 utilises a TOR payment site called the Sage 2.0 User Area or User Cabinet. The payment contains information on the victim’s files and payment instructions on how to buy the decryption key. The decryption key is the way to unlock the access to files on the computer. Currently, the ransomware payment is set to ~$2,000 USD or $2,600 AUD. This amount doubles if the ransom is note paid within seven days.
Unfortunately, this virus was creating havoc in January and reports of it are still now surfacing. The decryption key is the only way to unlock the files on a computer. At this time there is no way to decrypt Sage 2.0 encrypted files for free.
Be careful when opening emails with attachments. It is always safer to double check with the sender if something doesn’t seem right. With any attachments that ask you to allow access to your computer again be mindful, is this email from a trusted source? Even if the sender is known, if the file seems odd or out of place, it is always better to double check. Contact the sender to ensure their computer has not been infected and the virus has been sent out to the emails their address book.
If you receive questionable emails, remember we are always here to help. Feel free to call or email with any questions; it is better to be safe than sorry.
