
SuddenTax Ransomware

By GoldSparrow in Ransomware

The SuddenTax Ransomware is an encryption ransomware Trojan that was first observed in February 2018. The SuddenTax Ransomware is being distributed to its victims via email messages containing attached Microsoft Word files. The SuddenTax Ransomware will be downloaded and installed on the victim's computer by corrupted macro scripts. This is a typical delivery method for these infections that has become popular since 2015. It is necessary to take precautions against these threats to ensure that your files are safe and no malware is downloaded from unsolicited email attachments.

The SuddenTax Ransomware Targets the User-Generated Files

The SuddenTax Ransomware will search the victim's computer for user-generated files and encrypt them. The SuddenTax Ransomware will use a strong encryption algorithm to make the victim's files inaccessible. The SuddenTax Ransomware will avoid the Windows system files and target commonly used document formats, which may include any of the following file types:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The SuddenTax Ransomware will rename the files it encrypts by adding the file extension '.suddentax' to the end of each file's name. The SuddenTax Ransomware also will delete Windows features that could help computer users recover their data, such as the System Restore points and the Shadow Volume copies.
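The renaming behaviour described above can be used to scope an incident and build a restore list for backups. The following Python sketch is an added example, not part of the original write-up; it assumes a recursive file listing collected from the affected host, and the function names and sample paths are constructed for illustration.

```python
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

MARKER = ".suddentax"  # extension the page says is appended to encrypted files

def original_path(path):
    """Pre-encryption path for a marked file, or None if the file is not marked."""
    p = PureWindowsPath(path)
    return p.with_suffix("") if p.suffix.lower() == MARKER else None

def scope(listing):
    """Summarise a file listing: what to restore, which types, which folders were hit."""
    restore, by_ext = [], Counter()
    per_dir = defaultdict(lambda: [0, 0])      # directory -> [encrypted, total]
    for path in listing:
        parent = str(PureWindowsPath(path).parent)
        per_dir[parent][1] += 1
        orig = original_path(path)
        if orig is None:
            continue                           # untouched file (e.g. system file)
        per_dir[parent][0] += 1
        restore.append(str(orig))
        by_ext[orig.suffix.lower() or "(none)"] += 1
    hit = {d: f"{e}/{t}" for d, (e, t) in per_dir.items() if e}
    return {"restore": sorted(restore), "by_ext": dict(by_ext), "hit_dirs": hit}

# Constructed listing (hypothetical paths), standing in for a real directory walk.
SAMPLE = [
    r"C:\Users\ana\Documents\budget.xlsx.suddentax",
    r"C:\Users\ana\Documents\notes.txt.SUDDENTAX",   # marker match is case-insensitive
    r"C:\Users\ana\Documents\desktop.ini",
    r"C:\Users\ana\Pictures\scan.jpg.suddentax",
    r"C:\Windows\System32\kernel32.dll",
    r"D:\share\README.suddentax",                    # original had no extension
]

if __name__ == "__main__":
    report = scope(SAMPLE)
    for folder, ratio in report["hit_dirs"].items():
        print(f"{ratio:>5} encrypted  {folder}")
    print("restore from backup:", *report["restore"], sep="\n  ")
```

The restore list gives the original file names to request from backup, and the per-folder ratios show which locations were reached.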

How the SuddenTax Ransomware Demands Its Ransom from Its Victims

The SuddenTax Ransomware delivers its ransom note in the form of an HTA program window with a black background, which contains the following text:

'YOUR FILES ARE ENCRYPTED!
ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.
To recover data you need decryptor. To get the decryptor you should
PAY TO DECRYPT YOUR BUSINES NETWORK(ALL COMPUTERS) - 2 BTC:
SITE FOR BUY BITCOIN:
Buy 2 BTC on one of these sites
1. h[tt]ps://localbitcoins[.]con2
2. h[tt]ps://nww.coinbase[.]com
3. h[tt]ps://schange[.]cc
BITCOIN ADRESS TO PAY:
INNMSNItmPEVg6HBF6NxvPrymHLAEkaXwOK Send 2 BTC for decrypt
AFTER THE PAYMENT:
Send screenshot of payment to fileredeemer@protonmail.com or filaedeeme@tuta.io. In the letter include your personal ID (look at the beginning of this document)
AFTER YOU WILL RECEIVE A DECRYPTOR AND INSTRUCTIONS
Attention!
• Only our team can decrypt your files.
• No Payment = No decryption!
• You really get decryptor after payment. As a guarantee you can send 1 test image or text file on our email and letter include your personal ID)
• Do not attempt to remove program or run any antivirus tools! This doesn't help.
• Decoders of other users me not compatible with your data, because each infected computer have unique encryption key!!!
• Attempts to self-decrypting files will result in the loss of your data.'

Victims of the attack are asked to pay nearly 20,000 USD in Bitcoin at the current exchange rate. Computer users should both refrain from paying the SuddenTax Ransomware ransom and avoid contacting the people responsible for this attack. Instead, computer users should take steps to safeguard their data from these threats. Effective steps include backing files up to the cloud or an external memory device and using a reliable, fully up-to-date security program to protect their data and computer from threats like the SuddenTax Ransomware. Having file backups is the best protection since it removes any leverage the criminals have to demand a ransom payment from the victim.
