Sage Ransomware

Joined
Apr 15, 2017
Messages
1
Reaction score
0
Can anyone tell me how to get rid of the dreadful black page of Sage ransomware?
All files have been encrypted.
 
Joined
Feb 18, 2016
Messages
2,835
Reaction score
631

Bif

Joined
Oct 17, 2015
Messages
1,172
Reaction score
454
Can anyone tell me how to get rid of the dreadful black page of Sage ransomware?
All files have been encrypted.
I second Norton's advice. Can I ask how you got infected? What site(s) were you on (if any)? This can be very useful to know and avoid.
Not trying to preach to the choir but safe surfing is the safest way to stay clean of the nasties.
 

Trouble

Noob Whisperer
Moderator
Joined
Nov 19, 2013
Messages
13,411
Reaction score
2,319
Can anyone tell me how to get rid of the dreadful black page of Sage ransomware?
All files have been encrypted.
This is a new one to me and seems to be comparable to "Cerber", which I've had some negative experience with.
It's explained in some detail here: https://blog.malwarebytes.com/threat-analysis/2017/03/explained-sage-ransomware/
including a long list of file extensions that are impacted.
But unfortunately:
Conclusion
Sage, similar to Spora, uses a complex way of deriving keys. So far, there is no solution that would allow recovering files without paying the ransom – that’s why we recommend focusing on prevention instead. Malwarebytes 3.0 Premium users are protected from Sage ransomware as long as it is installed prior to being infected.
While Malwarebytes claims that users of their most recent product would be protected, I would also submit that in most of these types of attacks, it is always good to have a recent backup of critical data, including a disk image,
just to ensure that you have a strong fallback position.
 
Joined
Jul 12, 2016
Messages
128
Reaction score
17
I would also submit that in most of these types of attacks, it is always good to have a recent backup of critical data, including a disk image,
just to ensure that you have a strong fallback position.

Yes and yes and yes. A full disk image will also retain all data, at least if you use Macrium Reflect as I do. Macrium Reflect also has a free edition that performs the task. Set it to make a weekly backup, and you are safe.
 

Data

Chief Operations Officer
Joined
Apr 13, 2017
Messages
427
Reaction score
81
You may also consider using this website: https://www.nomoreransom.org
Edit: Ignore that, it doesn't seem to support Sage; nonetheless, a good resource to have.

Source:
https://thehackernews.com/2017/04/decrypt-ransomware-files-tool.html
https://thehackernews.com/2016/07/ransomware-decrypt-tool.html

Would be nice to see standalone tools being made that are not tied to some subscription-only security software.

Speaking of such, some ransomware leverages bootkits that modify your MBR in order to install ransomware, but there is a defence called MBRFilter.
 
