Threat Database Ransomware Berosuce Ransomware

Berosuce Ransomware

By CagedTech in Ransomware

The Berosuce Ransomware is one of the newest ransomware threats that have reared its head on the Internet. Once malware researchers spotted it and studied it, they found that the Berosuce Ransomware belongs to the STOP Ransomware family. Many less-skilled cybercrooks opt to create ransomware threats like the Berosuce Ransomware by using the code of well-established data-locking Trojans like the STOP Ransomware.

Infiltration and Encryption

Cybersecurity experts have not been able to conclude what is the exact infection vector employed in the propagation of this ransomware threat. Some have guessed that the creators of the Berosuce Ransomware may be using some of the most popular techniques for spreading malware of this kind – spam emails that contain macro-laced attachments, fraudulent application updates, and copies of software downloaded from unofficial sources. If the Berosuce Ransomware manages to compromise your PC, it scans it so that it can determine the locations of the data it was programmed to target. Once the scan is completed, the Berosuce Ransomware will trigger the encryption process. The Berosuce Ransomware uses an encryption algorithm to lock your files securely. When the Berosuce Ransomware encrypts a file, it will change its name by adding a new extension at the end of the filename ‘.berosuce.’ For example, an audio file you had named ‘thunderstorm.mp3’ originally will be renamed to ‘thunderstorm.mp3.berosuce,’ and you will no longer be able to play it.

The Ransom Note

Next comes the dropping of the ransom note. The Berosuce Ransomware’s ransom note is named ‘_readme.txt,’ which complies with the naming pattern of most variants of the STOP Ransomware. The note reads:


Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Our Telegram account:

The attackers state that the ransom fee is $980, but if the user gets in touch with them within 72 hours, they will receive a 50% discount dropping the fee to $490. They offer to decrypt one file free of charge to prove to the victims that they are capable of decrypting the data. The authors of the Berosuce Ransomware provide two email addresses to the victims – ‘’ and ‘’ Furthermore, they offer Telegram contact information, too - @datarestore.

You should stay away from cyber crooks in general. Nothing good can come out of attempting to negotiate with individuals that lack scruples. Instead, it is better to look into obtaining a reputable anti-virus software suite that will not only rid you of the Berosuce Ransomware but will ensure that your PC will be protected from such threats in the future.


Most Viewed