Ransomware Research
Satan's Doom Crypter Ransomware
Satan's Doom Crypter is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on December 1, 2017, this ransomware has been actively targeting systems worldwide.
Quick Facts
- Ransomware Family
- Satan's Doom Crypter
- First Seen
- December 1, 2017
How Satan's Doom Crypter Ransomware Works
File Encryption Patterns
Satan's Doom Crypter modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..lockedRansom Note and Payment Demands
After encrypting files, Satan's Doom Crypter displays ransom notes demanding payment for file recovery:
READ_IT.txtRansom message:
notes/READ_IT.txt
Note locations:
DesktopRansom message:
notes/note.txt
Note locations:
OnceOnCompletionRansom message:
notes/L6xzvLS.jpg
Note locations:
DesktopTechnical Indicators
Associated Executable Files
The following executable files are associated with Satan's Doom Crypter ransomware:
hidden-tear.exetmp5DE7.tmp.exe
Elastio Can Help You
Don't let Satan's Doom Crypter ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This Satan's Doom Crypter ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Satan's Doom Crypter.
Last updated: July 30, 2025