Sage 2.2 Ransomware Removal (June 2019 Update)

The encrypted files may not be the only damage done to you. parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

This page aims to help you remove Sage 2.2 Ransomware for free. Our instructions also cover how any Sage 2.2 file can be recovered.

The page that you landed on is dedicated to a very malicious Ransomware threat named Sage 2.2. If your files have been encrypted by its nasty algorithm and a disturbing ransom note has appeared on your screen, asking you to pay ransom to get your files back, then you are in the right place. Here you will learn what the possible options are that you can choose from, to deal with this dreadful threat and eventually restore some of your data. In case that you don’t want to pay any money to any hackers and you eagerly want to remove Sage 2.2 Ransomware, the step-by-step guide below will help you clean your system. But first, make sure you read the information that follows, because it will give you essential information about the nature of the Ransomware and its tricky abilities, so that you can handle it effectively and minimize its malicious consequences.

Ransomware infections – the fastest evolving threats that you can encounter

Ransomware threats are very sophisticated malicious cryptoviruses, which serve as blackmail tools for criminal hackers to extort money out of online users. They develop very fast, and newer and more advanced versions of them come out every day to infect hundreds of people and businesses all around the globe. What makes Ransomware so dangerous is its data encryption, which when used for malicious purposes, prevents users from accessing their files by locking them with a very complex encryption algorithm. The purpose of that encryption is to keep the locked files hostage, until a fat amount of money (usually requested in Bitcoins) is paid to the hackers behind the threat as ransom. 

What is Sage 2.2 and how does it encrypt your files?

Sage 2.2 is, to the present moment, one of the latest representatives of the Ransomware family and is specially developed to lock your data and then blackmail you to pay ransom if you want it back. It sneaks silently into your system, usually through some system vulnerabilities or with the help of a Trojan horse infection. You may get infected with it if you randomly click on a spam email, malicious attachment, fake ads or misleading links that may redirect you to some infected web locations or drive-by downloads. However, the sad thing is that you may not really realize that an infection has happened until the malicious encryption has been completed. This Ransomware is extremely dangerous, mostly because it is so good at hiding itself inside the computer, that there are hardly any visible symptoms that may give you a hint about its harmful presence. It will encrypt all of your data and you won’t even come to know about it until a shocking ransom note appears on your screen and notifies you about the infection. In it the hackers will inform you about the possibility to decrypt your files with the help of a special decryption key, but they will ask you a fat amount of money as ransom for it.

What are the options of dealing with Sage 2.2?

Unfortunately, dealing with a Ransomware threat like Sage 2.2 and recovering from its harmful consequences is extremely difficult. In most of the cases, a professional’s help may be required to remove the nasty infection and clean all of its traces from the compromised machine. However, that may cost you a lot. Another option is to try to remove Sage 2.2 with the help of some step-by-step instructions like the ones in the removal guide below. A powerful antivirus program can help in terms of prevention, but once the malicious encryption is done, there is hardly anything that can decrypt the affected files. Even paying the ransom to the crooks can’t guarantee that you will recover all of your data. The decryption key that the hackers usually send may not always work flawlessly, not to mention that very often the victims don’t even hear from the hackers, once the ransom payment is made. After all, these are criminals, who are only interested in getting your money and don’t really care about you and your misery once they get what they want. That’s why it is not advisable to pay the ransom, and it is worth trying every other option that can help combat the Ransomware and its harmful encryption. You can restore some of your files from external backups, for example. Or, you can try the steps in the removal guide below to extract some data from the system itself. We can’t promise you 100% success, but still, it may minimize your data loss.


Name Sage 2.2
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Hardly any symptoms can give you a hint about the infection until the ransom note appears on your screen.
Distribution Method It sneaks silently into your system, usually through some system vulnerabilities or with the help of a Trojan horse infection. You may get infected with it if you randomly click on a spam email, malicious attachment, fake ads or misleading links that may redirect you to some infected web locations or drive-by downloads.
Data Recovery Tool Currently Unavailable
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.

Sage 2.2 Ransomware Removal



Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. We recommend downloading SpyHunter to see if it can detect parasite files for you.

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.


To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter
a professional malware removal tool.

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt Sage 2.2 files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

If the guide didn’t help you, download the anti-virus program we recommended or ask us in the comments for guidance!

1 Comment

  • We have no way of knowing when a decryptor for this particular virus will be released. However, we can assure you that as soon as we learn that one has been developed, we will post it in our How to Decrypt Ransomware article.

Leave a Comment