Saturn is a ransomware that runs on Microsoft Windows. It allows anyone to become a ransomware distributor for free via a newly launched Ransomware-as-a-Service (RaaS) affiliate program. It is aimed at English-speaking users.



Saturn is distributed by hacking through an insecure RDP configuration, using email spam and malicious attachments, fraudulent downloads, exploits, web injects, fake updates (including Flash Player), repackaged and infected installers.


Victims who get infected with Saturn will have to pay decryption fees on the Saturn payment portal located at su34pwhpcafeiztt.onion. This money goes to the main Bitcoin account of the Saturn ransomware authors.

If the file that infected the victim was generated on the RaaS portal, the user who generated the file and spread it to the victim will receive 70% of the total payment, while the Saturn creators keep 30%.

Community content is available under CC-BY-SA unless otherwise noted.