SuchSecurity Ransomware
Threat Scorecard
Threat Level: 80% (High)
Infected Computers: 1,088
First Seen: March 8, 2017
Last Seen: May 30, 2023
OS(es) Affected: Windows
The SuchSecurity Ransomware is a ransomware Trojan that has been associated with an attack in the wild designed to inflict damage on Web servers and other high-profile targets. The SuchSecurity Ransomware carries out a typical encryption ransomware attack: it encrypts the victim's files and then demands a ransom. Essentially, the SuchSecurity Ransomware will take over the victim's computer, encrypt the victim's files, and then ask the victim to pay a large amount of money in exchange for the decryption key needed to recover access to the affected files. The SuchSecurity Ransomware poses a severe threat to the data of computer users who are not protected from ransomware Trojans such as this one.
The Security that You Need to Stay Away From
The SuchSecurity Ransomware was first uncovered among samples uploaded to an online anti-virus program, which is often used to test out these threats to see whether they can evade detection. The SuchSecurity Ransomware was first observed in March 2017, and it is still uncertain whether the SuchSecurity Ransomware has been responsible for attacks in the wild, or whether it has been repackaged and released under a different name. The version of the SuchSecurity Ransomware currently being observed seems unfinished: it carries out an effective ransomware attack but does not provide instructions on how to pay the ransom or contact the SuchSecurity Ransomware's Command and Control server. However, the SuchSecurity Ransomware is still capable of attacking a victim's computer, targeting the following file types during its infection process:
.asp, .aspx, .csv, .doc, .docx, .html, .jpg, .mdb, .odt, .php, .png, .ppt, .pptx, .psd, .sln, .sql, .txt, .xls, .xlsx, .xml.
Looking at the Potential of the SuchSecurity Ransomware Attacks
The list of file extensions targeted in the SuchSecurity Ransomware attack is limited compared to other ransomware Trojans. This particular list suggests that the SuchSecurity Ransomware is being designed to target Web servers and online shopping platforms. The SuchSecurity Ransomware is not currently associated with a spam email campaign, a method typically used to deliver these threats. Instead, due to the nature of the infection, PC security researchers suspect that the SuchSecurity Ransomware will be distributed using more targeted distribution techniques such as direct injection or phishing email messages. The SuchSecurity Ransomware is based on EDA2, a known ransomware platform that has produced numerous other ransomware Trojans that carry out similar attacks. The files encrypted during the SuchSecurity Ransomware attack are simple to recognize because the SuchSecurity Ransomware adds the file extension '.locked' to each file that has been compromised. The encryption combines RSA and AES, generating a private key that is encrypted and accessible only to the con artists carrying out the attack. The SuchSecurity Ransomware will change the infected computer's Desktop to display an image macro hosted on Imgur, which uses the text 'SUCH SECURITY MANY HAX.' to mock the victim of the attack.
Dealing with the SuchSecurity Ransomware Infection
Unfortunately, attacks like the SuchSecurity Ransomware use strong encryption methods that make victims' files completely inaccessible. If your computer has been compromised by the SuchSecurity Ransomware, the encrypted files will no longer be recoverable without the decryption key. However, PC security researchers strongly advise computer users to have a reliable backup method, since having file backups completely nullifies attacks by the SuchSecurity Ransomware and other ransomware Trojans. Server administrators and those operating websites that are the intended target of the SuchSecurity Ransomware should have an effective backup system in place. Having backup images or cloud-based backup methods means that affected computer users can simply recover their data from the backup in the time it takes to remove the compromised files and replace them with the backup copies. A reliable security application that is fully up-to-date will be capable of removing the SuchSecurity Ransomware itself, but will not be capable of restoring the files encrypted during the SuchSecurity Ransomware attack.
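To scope a restore from backup, the targeted extension list and the '.locked' marker described above can drive an inventory of affected files. The script below is an added example, not part of the original write-up or any vendor tool; it assumes the marker is appended after the original extension (for example `index.php.locked`), and the directory tree it scans is constructed sample data.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions the page lists as targeted by this threat.
TARGETED = set((".asp .aspx .csv .doc .docx .html .jpg .mdb .odt .php "
                ".png .ppt .pptx .psd .sln .sql .txt .xls .xlsx .xml").split())
# Assumption: the marker is appended after the original extension.
MARKER = ".locked"

def classify(path):
    """Return the original file name if `path` looks like an encrypted copy, else None."""
    name = Path(path).name
    if not name.lower().endswith(MARKER):
        return None
    original = name[:-len(MARKER)]
    # Ignore unrelated *.locked files (lock files etc.) with no targeted extension.
    return original if Path(original).suffix.lower() in TARGETED else None

def inventory(root):
    """Return (paths to restore, per-extension counts, targeted files still intact)."""
    root = Path(root)
    restore, counts, intact = [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            p = Path(dirpath) / fname
            original = classify(p)
            if original is not None:
                restore.append((p.parent / original).relative_to(root).as_posix())
                counts[Path(original).suffix.lower()] += 1
            elif p.suffix.lower() in TARGETED:
                intact.append(p.relative_to(root).as_posix())
    return sorted(restore), counts, sorted(intact)

def demo():
    """Build a constructed sample tree in a temp directory and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ["www/index.php.locked", "www/img/logo.PNG.LOCKED",
                    "db/shop.sql.locked", "www/about.html",
                    "run/app.locked", "notes.txt"]:
            f = root / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(b"constructed sample")
        return inventory(root)

if __name__ == "__main__":
    restore, counts, intact = demo()
    print("restore from backup:", restore)
    print("by extension:", dict(counts), "| still intact:", intact)
```

The restore list holds the original relative paths, so it can be fed directly to a backup tool's selective-restore step.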