SuchSecurity Ransomware is a recently discovered file-encrypting threat, first spotted by cyber security researchers in March 2017. It is also part of the open source ransomware project known as Hidden Tear. According to the researchers, this threat is designed to target mostly online stores and server networks. It aims to damage infrastructure based on software such as MariaDB, Oracle, MySQL and DB2. Experts also claim that it is based on the EDA2 project and works like the Venus Locker ransomware, which was detected earlier, in November 2016. Basically it is a file-encrypting threat that lurks in the targeted system silently to carry out its attack. Being a typical ransomware, it scans the system and encodes all the important files stored on it with the help of the RSA and AES ciphers.
SuchSecurity Ransomware: What happens after the attack?
Upon successful execution, SuchSecurity Ransomware scans your system to lock the files. After encrypting a file it attaches the “.locked” extension to it, which is common among Hidden Tear ransomware. Files with the .locked extension can no longer be opened. Besides that, it also deletes the shadow volume copies so that the victim can’t restore their files. After completing the encryption process, the ransomware drops the following files on the infected computer:
- A randomly named executable file.
- An executable named eda2.exe.
- A test file.
- An image of the Doge meme.
Not only this, it also connects the system to the remote address 192.168.59.130 and drops an image of the Doge meme with the following link:
Like most EDA2 variants, SuchSecurity Ransomware enciphers specific file types, such as:
.asp, .aspx, .csv, .doc, .docx, .html, .jpg, .mdb, .odt, .php, .png, .ppt, .pptx, .psd, .sln, .sql, .txt, .xls, .xlsx, .xml.
Unfortunately, the ransomware securely encrypts all the data and it is impossible to decode it without the private key or a decryption tool. The ransomware also encodes data on storage media attached to the infected computer. If you have a backup copy of your files then you can easily recover them. Besides that, you can also use any reliable recovery program. Antivirus vendors have detected the objects related to this ransomware under the following names:
- Variant of MSIL/Filecoder.Y
- MSIL:Ransom-L [Trj]
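A small triage helper for the indicators listed above, added here as an example and not part of the original post or of any vendor analysis it cites. It assumes the “.locked” extension is appended after the original extension (so orders.sql becomes orders.sql.locked) and walks a constructed sample directory; the extension list and the dropped executable name eda2.exe are taken from the post.

```python
import os
import tempfile
from pathlib import Path

# File types the post lists as targeted by this EDA2 variant
TARGETED_EXTENSIONS = {
    ".asp", ".aspx", ".csv", ".doc", ".docx", ".html", ".jpg", ".mdb", ".odt", ".php",
    ".png", ".ppt", ".pptx", ".psd", ".sln", ".sql", ".txt", ".xls", ".xlsx", ".xml",
}
LOCKED_SUFFIX = ".locked"     # extension the post says is attached to encrypted files
DROPPED_NAMES = {"eda2.exe"}  # dropped executable named in the post

def triage(root):
    """Walk `root` and collect indicators: encrypted files and dropped artifacts.
    Assumption: `.locked` is appended after the original extension
    (orders.sql -> orders.sql.locked), so the original file type can be read back."""
    locked, dropped = [], []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path, lower = os.path.join(dirpath, name), name.lower()
            if lower in DROPPED_NAMES:
                dropped.append(path)
            elif lower.endswith(LOCKED_SUFFIX):
                ext = os.path.splitext(name[:-len(LOCKED_SUFFIX)])[1].lower()
                locked.append({"path": path, "original_ext": ext,
                               "in_target_list": ext in TARGETED_EXTENSIONS})
    return {"locked": locked, "dropped": dropped}

def summarize(report):
    """Return (encrypted_count, targeted_type_count, dropped_count, infected)."""
    n_locked = len(report["locked"])
    n_targeted = sum(1 for f in report["locked"] if f["in_target_list"])
    n_dropped = len(report["dropped"])
    return n_locked, n_targeted, n_dropped, bool(n_locked or n_dropped)

def build_sample_tree():
    """Constructed sample directory (not real evidence) so the demo runs offline."""
    root = tempfile.mkdtemp(prefix="suchsecurity_demo_")
    for rel in ("orders.sql.locked", "site/index.php.locked",
                "logs/app.log.locked", "notes.txt", "eda2.exe"):
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample content")
    return root

if __name__ == "__main__":
    print(summarize(triage(build_sample_tree())))  # (3, 2, 1, True)
```

Files whose pre-encryption extension is not on the post's list (app.log here) are still reported, since the list describes what the sample targets, not everything a host may have lost.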
Intrusion method of SuchSecurity Ransomware
There are multiple ways through which ransomware developers distribute it, but mostly they rely on spam email campaigns. The targeted user receives an email that pretends to be sent from a reputable company or appears as an invoice sent by an online shop. The email only looks legitimate; in reality it contains executable files or a link. So when the user opens the attachment, the ransomware automatically becomes active in the system. Besides that, it also comes bundled with applications masked as legitimate on torrent websites, so installing such software allows the ransomware to install itself in the system silently.
How to remove SuchSecurity Ransomware?
If your system has been infected by SuchSecurity Ransomware then you need to remove it before you go for file recovery. If you leave the threat in your system, it will encrypt the files again and also invite other threats. There are two possible ways to remove the ransomware: manual and automatic (recommended). To remove it manually you can use the following steps:
Step 1: Restart the system in Safe Mode with Networking
- Click the Start button, then click the Shutdown button.
- Now click on Restart and click OK.
- Keep pressing the F8 key once your PC becomes active.
- This launches the Advanced Boot Options window.
- Select Safe Mode with Networking.
Step 2: Uninstall the ransomware via the Control Panel
- Click on Start menu > Control Panel.
- Now go to Programs and click on Uninstall a Program.
- Look for ransomware-related files.
- Select the malicious program and click Uninstall/Change.
- Click OK to save the changes.
Step 3: Remove malicious Registry entries
- Press the Windows + R keys simultaneously.
- Now type “regedit.exe” in the dialog box.
- Press OK to open the Registry Editor.
- Look for malicious entries and delete them.
If the ransomware persists even after using the manual removal steps then don’t panic. You can remove it completely with the help of Free-scanner.