SUKA Ransomware Description
The SUKA Ransomware is yet another crypto locker malware that has been spawned from the infamous Dharma malware family. Compared to previous threats from the family, the SUKA Ransomware doesn't exhibit any major modifications or improvements; it differs only in the email addresses the hackers use as communication channels and in the specific extension given to the encrypted files.
Being just a Dharma Ransomware variant in no way means the SUKA Ransomware is any less threatening as it can easily lock users from their computer systems. Files encrypted by the threat cannot be cracked through brute force attempts, and users will suddenly lose access to both their private as well as business-related files. The affected files' names will be changed drastically, as is the case with all Dharma variants. Appended to the original filenames will be a string of characters representing the ID of the specific victim, followed by an email address under the control of the cybercriminals, and finally '.SUKA' as a new extension. The email address is 'email@example.com.' Another typical Dharma aspect that has been retained by the SUKA Ransomware is the two-fold delivery of the ransom note. The hackers' instructions will be dropped in text files named 'FILES ENCRYPTED.txt,' which will be placed in every folder containing encrypted data. The actual ransom note, however, will be displayed in a pop-up window created by the threat.
Indeed, opening the text files will provide victims of the SUKA Ransomware with little useful information, as the text inside simply tells them to contact either the 'firstname.lastname@example.org' email or an alternate address at 'email@example.com.' The pop-up window clarifies that the secondary email should be used only if the victims do not receive an answer within 12 hours of contacting the primary email. The pop-up window also contains various warnings, such as not to rename any of the encrypted files or try to restore them through third-party tools that could damage the data irreversibly.
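For incident triage, the renaming scheme and note file described above can be matched against a file listing to scope the damage and recover original names. This is an added example, not code from the original page; the `.id-` prefix and the square brackets around the address are assumptions based on the usual Dharma layout, and the paths, ID and address in the listing are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumed layout, as seen in other Dharma variants (the page gives only the
# order of the parts): <original name>.id-<VICTIM ID>.[<email>].SUKA
LOCKED = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim>[0-9A-Za-z-]+)"
    r"\.\[(?P<email>[^\]]+)\]\.SUKA$", re.IGNORECASE)
NOTE_NAME = "files encrypted.txt"  # ransom note file name given on the page


def parse_locked_name(filename):
    """Return (original, victim_id, email) for a renamed file, else None."""
    m = LOCKED.match(filename)
    return (m["original"], m["victim"], m["email"]) if m else None


def triage(paths):
    """Summarise a file listing: locked files, note folders, IDs, contacts."""
    report = {"locked": {}, "note_dirs": set(), "ids": Counter(),
              "emails": set(), "untouched": []}
    for raw in paths:
        path = PureWindowsPath(raw)
        parsed = parse_locked_name(path.name)
        if parsed:
            original, victim, email = parsed
            report["locked"][raw] = str(path.with_name(original))
            report["ids"][victim] += 1
            report["emails"].add(email.lower())
        elif path.name.lower() == NOTE_NAME:
            report["note_dirs"].add(str(path.parent))
        else:
            report["untouched"].append(raw)
    return report


# Constructed listing for illustration; ID and address are placeholders.
SAMPLE = [
    r"C:\Users\amy\Docs\budget.2020.xlsx.id-1E857D00.[email@example.com].SUKA",
    r"C:\Users\amy\Docs\FILES ENCRYPTED.txt",
    r"C:\Users\amy\Docs\notes.txt",
    r"D:\share\plan.docx.id-1E857D00.[email@example.com].SUKA",
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(r["locked"], dict(r["ids"]), sorted(r["note_dirs"]), sep="\n")
```

The `untouched` list shows which files in an affected folder were skipped, and more than one victim ID in `ids` points to separate infections.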
The note found in the text files created by the SUKA Ransomware is:
'all your data has been locked us
You want to return?
write email firstname.lastname@example.org or email@example.com'
The instructions displayed in the pop-up window are:
'YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!
If you want to restore them, follow this link:email firstname.lastname@example.org YOUR ID -
If you have not been answered via the link within 12 hours, write to us by e-mail:email@example.com
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a tactic.'