What is Sage 2.0?
Sage 2.0 is a new version of Sage ransomware. Like a previous one, Sage 2.0 has a dirty function- encryption files on affected computer. Asymmetric AES algorithm is used in order to do this which makes the file decryption almost impossible. During the encryption, name of each corrupted file will be appended with .sage extension, for example, myfamily.jpg turns into myfamily.jpg.sage. Once the encryption process is completed, virus will place ransom note on the desktop and put in all folders with encrypted files. Victims are blackmailed stating that they need to send 2000 USD to the Bitcoin wallet account to restore their files. Furthermore, you have only 7 days; otherwise, the amount of ransom will be doubled. Once you’ve done payment, they are supposed to send you decryption key. But nobody can guarantee that they will help you, don’t trust them, these cyber criminals are not going to do their part of the deal. Mostly, cyber-criminals just ignore people who payed them. We advice you not to invest in developing their business; instead, you should remove Sage 2.0 ransomware as soon as possible. To do so, we recommend you to use SpyHunter removal tool, you can find download link below.
How Sage 2.0 infects your PC?
Developers spread Sage 2.0 mostly relying on email messages. In this case, victim gets message from, supposedly, legitimate company. For example, it might be bill from tax company or online store like Amazon. Of course, it piques curiosity. The virus itself is stored as an email attachment under the guise of .doc file because it uses Word macros script to launch infection. The malware is also distributed through fake software updates, torrent (P2P) networks, and trojans.
To prevent suсh kinds of the threats as Sage 2.0 ransomware in the future follow these tips:
- Adjust your email anti-spam settings to filter out all the potentially unsafe incoming messages.
- Make sure, the attachments with the following extensions: .js, .vbs, .docm, .hta, .exe, .cmd, .scr, and .bat. place in the black list
- Rename the vssadmin.exe process to protect Shadow Volume Copies of your files from removal.
- Raise the level of protection of your Firewall. It can prevent ransomware from connecting with its server.
- Do not forget to backup your files regularly. This will facilitate process of decrypting files in case of infection.
- Install antimalware tool because it can detect ransomware in advance and remove the malware before the infection.
How to remove Sage 2.0 from your computer?
In order to get rid of Sage 2.0 on your computer, first thing you need to do is to run PC through full scan of some proper anti-virus program. To do so, take following steps:
- Boot your computer in Safe Mode with networking – push F8 button before your system starts;
- You’ll see Advanced boot options menu;
- Select Safe mode with networking and press Enter;
- Once you’ve entered your system in Safe Mode with networking, open your web browser and download any proper and reliable anti-malware program (like SpyHunter);
- Start entire system scan;
- After finishing scanning process, the program will remove virus from your computer.
The best and easiest way to remove Sage 2.0 from your computer is to use special anti-malware program that has this threat in its database. As stated above, you need proper and reliable anti-malware program, that’s why we recommend you to use SpyHunter.
SpyHunter 4 – it scans your computer and detects Sage 2.0, then completely removes it. One of the best features of this program – large threat’s database. SpyHunter’s newly advanced ransomware detection technology is able to run an instant ransomware scan and show you a message about detection. After deep scanning of your system, it will easily find and delete Sage 2.0. Use this removal tool to get rid of Sage 2.0 for FREE.
How to decrypt .sage files encrypted by Sage 2.0?
Once you’ve removed virus, you are probably thinking of recovering files from encryption. Let’s take a look at possible ways of decrypting your data.
Decrypt .sage files with automated decryption tools
You can try to use automated decryption tool like Ransomware File Decryptor developed by Trend Micro. It may decrypt infected with Sage 2.0 files and it is free to use, so give it a try.
There is another possible solution to decrypt .sage files, use Kaspersky RakhniTool.
Decrypt .sage files manually
You can try to use one of these methods in order to restore your encrypted data manually.
Restore data with Windows Previous Versions
This feature is working on Windows Vista (not Home version), Windows 7 and later versions. Windows saves copies of files and folders which you can use to restore data on your computer. In order to restore data from Windows Backup, take following steps:
- Open My Computer and search for the folders you want to restore;
- Right-click on the folder and choose Restore previous versions option;
- The option will show you the list of all the previous copies of the folder;
- Select restore date and the option you need: Open, Copy and Restore.
Restore the system with System Restore
You can always try to use System Restore in order to roll back your system to its condition before infection infiltration. All the Windows versions include this option.
- Type restore in the Search tool;
- Click on the result;
- Choose restore point before the infection infiltration;
- Follow the on-screen instructions.
Restore data with Shadow Explorer
Shadow Explorer is an application that is able to provide you with Shadow Copies created by the Windows Volume Shadow Copy Service.
- Once you’ve downloaded this application, open a folder with it;
- Right-click on the file ShadowExplorer-0.9-portable and choose Extract all option;
- Run ShadowExplorerPortable.exe;
- Look at the left corner, there you can choose desired hard drive and latest restore option;
- On the right side you can see the list of files. Choose any file, right-click on it and select Export option.
Restore data with Recuva
Recuva is a data recovery program for Windows, developed by Piriform. It is able to recover files that have been “permanently” deleted and marked by the operating system as free space.
- Once you’ve downloaded and installed this application, start it in Wizard mode: choose the Options button and then select Run Wizard;
- You will see Welcome to the Recuva Wizard page, choose Next;
- Open the File Type page and choose the type of data you need to recover, after select Next. If you don’t know what kind of data you are looking for, choose Other option;
- Choose the location of a search in the File Location window;
- In the Thank you window, select Start. After finishing searching process, Recuva will show you the results of search;
- Before recovering of the data, choose the Check Boxes near the file. You can see three types of colored dots. Green dot means that your chance to restore file is excellent. Orange one – chance to restore file is acceptable. And the red one shows you that it’s unlikely to happen;
- Select Recover option and choose the directory of the restored data.
How to protect PC from Sage 2.0?
It’s pretty difficult task to get rid of any ransomware, including Sage 2.0. But you can easily prevent any infection of your PC. HitmanPro.Alert’s CryptoGuard can help you with this problem. It’s one of the best anti-ransomware applications. No matter how sneaky it is, HitmanPro.Alert’s CryptoGuard will stop Sage 2.0 infiltration to your system. After detection, this program removes all the related to the ransomware data and prevents your file from being encrypted.