Our removal guide will show you how to remove the Sage 2.0 ransomware infection from your computer and protect yourself in the future.
About The SAGE 2.0 Ransomware
The Sage 2.0 ransomware is an updated version of the original Sage ransomware. It is a new strain that uses the same behavior patterns as the original code base. The aim of the virus is to encrypt the victims' files and extort a ransom payment from them.
This exact iteration of the Sage ransomware demands the sum of 2000 US Dollars in Bitcoins. If the user does not pay within 7 days of infection, the amount is doubled.
When the infection is complete, the virus modifies key Windows settings to set up a persistent environment.
After that, the encryption engine is engaged. It targets the most commonly used data: various multimedia files, backups, documents, configuration files and so on. All affected files receive the .sage extension.
After the encryption is complete, the virus generates an HTML ransom note. Its contents read as follows:
Important information! Please read very carefully!
ATTENTION!
SAGE 2.0 ENCRYPTED ALL YOUR FILES!
All your files, images, videos and databases where have been encrypted and no longer accessible
by software known as Sage 2.0!
In the case of non-payment of the full commission within XX:XXh,
the amount of commission will be raised to $4000 (~B4.443750)
YOU HAVE NO CHANCE TO RESTORE THE FILES WITHOUT OUR HELP!
THE FILES WILL BE RESTORED EASILY IF YOU WILL FOLLOW OUR INSTRUCTIONS!
In case of the repeated non-payment of the increased commission during the Xh XXh period,
the unique decryption code for your files will be blocked
and its recovery will be absolutely impossible!
A second generated ransom note, with the filename !Recovery_<3_chars>.html, is also displayed. Its contents are the following:
mF9SDtko***
Need help with translation?? Use https://translate.google.com
ATTENTION! ALL YOUR FILES WERE ENCRYPTED!
PLEASE READ THIS MESSAGE CAREFULLY
All your important and critical files as well as databases, images and videos and so on were encrypted by software known as SAGE!
SAGE 2.0 uses military grade elliptic curve cryptography and you have no chances restoring your files without our help!
But if you follow our instructions we guarantee that you can restore all your files quickly and safely!
—
To get the instructions open any of this temporary links in your browser:
***7gie6ffnkrjykggd.er29sl.in/login/AUpcq***
***7gie6ffnkrjykggd.rzunt3u2.com/login/AUpcq***
This links are temporary and will stop working after some time, so if you can’t open these links, you can use TOR Browser
The TOR Browser is available on the official website https://www.torproject.org/
Just open this site, click on the “Download Tor” button and follow the installation instructions, then use it to open the following link:
***7gie6ffnkrjykggd.onion/login/AUpcq***
Please be sure to copy this instruction text and links to your notepad to avoid losing it.
dO5P5u6J77SV-3m-DNiR0fS28bSmYXvoMstN_hfU_vPaLVKNg2xr
How Does The SAGE 2.0 Ransomware Infect Computers
The Sage 2.0 ransomware spreads mainly through spam email messages. This wave was detected in email messages that carry no subject line or body content. In these cases the attachment is a zip file that contains a Microsoft Word document with a malicious macro. When the document is opened, the following message is displayed: "Document created in earlier version of Microsoft Office Word. To view this content, please click ‘Enable Editing’ from the yellow bar and then click ‘Enable Content’." If the user follows these instructions, the Sage 2.0 ransomware is downloaded onto the host computer.
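The delivery pattern described above (no subject, no body, a zip attachment holding a macro-enabled Word document) can be checked before a message reaches the user. The following Python code is an added example, not part of the original guide: the function names, the size cap and the sample message are assumptions constructed for illustration, and the legacy .doc check is a byte-pattern heuristic rather than a full OLE2 parse.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

WORD_EXTS = (".doc", ".docm", ".docx", ".dotm")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # legacy .doc (OLE2) signature
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # VBA stream name in an OLE2 file
MAX_MEMBER = 20 * 1024 * 1024                    # skip oversized members (zip bombs)

def has_vba(data: bytes) -> bool:
    """Heuristic: does this Word file carry a VBA macro project?"""
    if data.startswith(OLE_MAGIC):
        return VBA_STREAM in data
    if zipfile.is_zipfile(io.BytesIO(data)):     # OOXML .docx/.docm is a zip
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    return False

def triage(raw: bytes) -> dict:
    """Check one raw e-mail for the traits the paragraph above describes."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    macro_docs = []
    for part in msg.iter_attachments():
        blob = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(blob)):
            continue
        with zipfile.ZipFile(io.BytesIO(blob)) as z:
            for info in z.infolist():
                ok = not (info.flag_bits & 0x1) and info.file_size <= MAX_MEMBER  # readable
                if ok and info.filename.lower().endswith(WORD_EXTS) and has_vba(z.read(info)):
                    macro_docs.append(info.filename)
    return {"no_subject": not (msg["Subject"] or "").strip(),
            "no_body": body is None or not body.get_content().strip(),
            "macro_docs": macro_docs, "quarantine": bool(macro_docs)}

def sample_message(macro: bool = True) -> bytes:
    """Constructed sample: empty mail, zip attachment, dummy .docm (no real macro)."""
    doc, att = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(doc, "w") as z:
        z.writestr("word/vbaProject.bin" if macro else "word/document.xml", b"placeholder")
    with zipfile.ZipFile(att, "w") as z:
        z.writestr("document.docm", doc.getvalue())
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg.set_content("\n")
    msg.add_attachment(att.getvalue(), maintype="application", subtype="zip", filename="doc.zip")
    return msg.as_bytes()
```

Password-protected zip members are skipped because they cannot be inspected; a gateway may prefer to hold such messages for manual review.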
How To Remove The SAGE 2.0 Ransomware and Recover Affected Files
You can use a trusted anti-spyware solution to remove active infections and protect your computer.