
SYSDOWN Ransomware

By GoldSparrow in Ransomware

The SYSDOWN Ransomware is an encryption ransomware Trojan. These threats are becoming increasingly common, and all use a variant of the same attack. Threats like the SYSDOWN Ransomware encrypt the victim's files using a strong encryption algorithm, which makes it possible for them to take the victim's files hostage. These ransomware Trojans then demand the payment of a ransom in exchange for the decryption key that is needed to recover the affected files.

Can the SYSDOWN Ransomware Crash Your System?

The programmers who frequent the TPSC Forums developed the SYSDOWN Ransomware. The SYSDOWN Ransomware was created for educational or testing purposes, as stated on the forum. However, it would not be difficult for cybercrooks to copy and adapt the SYSDOWN Ransomware to carry out attacks against unprepared victims. That is why samples of the SYSDOWN Ransomware will be included in anti-virus databases starting in January of 2018. This would not be the first instance of an encryption ransomware Trojan initially created for educational purposes being released into the wild and used against the public. In fact, the most common open source ransomware engine today, HiddenTear, was initially developed as an educational proof of concept. Since its initial release, cybercrooks have adapted its code to carry out devastating attacks, which exploded in number because of the easy availability of the new resource.

How the SYSDOWN Ransomware Attacks a Computer

The SYSDOWN Ransomware carries out a typical version of this attack. The SYSDOWN Ransomware uses AES-256 encryption to make the victim's files inaccessible, and targets user-generated files, which may include images, text documents, music, videos, spreadsheets, eBooks and numerous others. These types of threats tend to avoid the Windows system files, since they require Windows to remain functional so that the victim can read the ransom note and pay the ransom. Typical file types that may be encrypted by these attacks:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.

The SYSDOWN Ransomware marks the files it encrypts with the file extension '.SysDown,' which is added to the end of each affected file's name. Like most encryption ransomware Trojans, the SYSDOWN Ransomware delivers a message to the victim. The SYSDOWN Ransomware simply delivers a short message that reads:

'Pwned by the SYSDOWN virus!'

Most ransomware Trojans deliver a ransom note, a message instructing the victim to contact the cybercrooks by email or other methods to get instructions on how to pay a large ransom, typically at least several hundred US dollars paid in Bitcoin. The SYSDOWN Ransomware was released publicly on the TPSC Forums, and its attack seems to include some advanced techniques, such as creating guarded memory regions and obstructing kernel debugging, both of which allow the SYSDOWN Ransomware to avoid detection by commonly used analysis techniques.

Protecting Your Data from Threats Like the SYSDOWN Ransomware

It is not unlikely that cybercrooks will adapt the SYSDOWN Ransomware to carry out attacks. Even if they do not, however, ransomware Trojans that are virtually identical to the SYSDOWN Ransomware are a real danger today and are very common online. Because of this, malware analysts urge computer users to back up their files on an external memory device or another safe location.


File System Details

SYSDOWN Ransomware may create the following file(s):

#    File Name    MD5                                 Detections
1.   file.exe     0ca6f8952deaeae72f40bbf6c12187dc    0
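The two indicators this entry gives a defender are the '.SysDown' extension appended to encrypted files and the MD5 of the dropped file.exe listed above. The script below is an added example, not the vendor's or the forum's code: it walks a directory tree, counts files carrying the marker extension, and hashes executables against a set of known-bad MD5s seeded with the hash from this entry. The sample directory it builds is constructed for the demonstration; the stand-in file.exe it writes is harmless filler whose hash deliberately does not match the real sample, and the executable extensions it chooses to hash are an assumption.

```python
"""Added example: a defender-side scanner for the two SYSDOWN indicators
named in this entry (the '.SysDown' marker extension and the file.exe MD5).
Not the threat database's own tooling."""
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List, Set

# MD5 listed in the File System Details table of this entry.
KNOWN_BAD_MD5: Set[str] = {"0ca6f8952deaeae72f40bbf6c12187dc"}

# Extension appended to every encrypted file; compared case-insensitively.
MARKER_EXTENSION = ".sysdown"

# Assumption: the file types worth hashing against the known-bad set.
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".scr"}


def md5_of_file(path: str) -> str:
    """Stream the file through MD5 so large binaries do not load into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_tree(root: str, bad_hashes: Iterable[str] = KNOWN_BAD_MD5) -> Dict[str, List[str]]:
    """Return encrypted-file paths and executables whose MD5 is in bad_hashes."""
    bad = {h.lower() for h in bad_hashes}
    findings: Dict[str, List[str]] = {"encrypted_files": [], "hash_matches": []}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(MARKER_EXTENSION):
                findings["encrypted_files"].append(path)
                continue
            if os.path.splitext(lower)[1] in EXECUTABLE_EXTENSIONS:
                try:
                    if md5_of_file(path) in bad:
                        findings["hash_matches"].append(path)
                except OSError:
                    pass  # unreadable file; a production scanner would log it
    return findings


def build_sample_tree() -> str:
    """Constructed sample: a temp profile with two encrypted files, one untouched
    file and a stand-in file.exe whose MD5 is NOT the real sample's hash."""
    root = tempfile.mkdtemp(prefix="sysdown_demo_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("report.docx.SysDown", "photo.jpg.SysDown", "notes.txt"):
        with open(os.path.join(docs, name), "wb") as handle:
            handle.write(b"constructed sample content")
    with open(os.path.join(root, "file.exe"), "wb") as handle:
        handle.write(b"constructed stand-in, not the real binary")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    result = scan_tree(sample_root)
    print(f"encrypted files: {len(result['encrypted_files'])}")
    print(f"known-bad executables: {len(result['hash_matches'])}")
```

The hash check is only a point lookup: a recompiled or repacked variant of the sample, which the entry itself expects from anyone adapting the forum code, will carry a different MD5, so the extension count is the more durable signal of the two and is the one worth alerting on when it appears across several directories.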
