The little-known Sage ransomware may be starting to hit the big time, as reports state that an upgraded version, Sage 2.0, has been spotted being spread by the same actors that normally distribute Locky, Cerber and Spora.
Sage 2.0 was spotted by researcher Brad Duncan. The original Sage, a variant of CryLocker, was first unearthed by BleepingComputer in December 2016. Duncan noted in an Internet Storm Center post that Sage 2.0 is distributed via spam that seems to have little social engineering support.
Once a victim is infected, a ransom of $2,000 is demanded.
“I’m not sure how widely-distributed Sage ransomware is. I’ve only seen it from this one malspam campaign, and I’ve only seen it one day so far. I’m also not sure how effective this particular campaign is. It seems these emails can easily be blocked, so few end users may have actually seen Sage 2.0,” Duncan wrote.