SULINFORMATICA Ransomware


SULINFORMATICA is a ransomware threat identified by cybersecurity researchers. It encrypts the data on a compromised device, rendering it inaccessible to the user, and appends a '.aes' extension to the name of every encrypted file. For instance, a file originally named '1.jpg' would be displayed as '1.jpg.aes', and '2.png' would become '2.png.aes'.

Once encryption is complete, the ransomware drops a ransom note named 'Instruction.txt'. This note is the attackers' channel of communication with the victim. Its contents make clear that SULINFORMATICA primarily targets organizations and businesses rather than individual home users, which suggests that the attackers are looking for larger payouts.

Furthermore, SULINFORMATICA employs a tactic known as 'double extortion.' This means that in addition to encrypting the victim's data and demanding a ransom for its decryption, the attackers also threaten to divulge the collected data if the ransom is not paid promptly. This dual approach puts additional pressure on the targeted organizations, as they not only risk losing access to their crucial data but also face potential data leaks and associated consequences.
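The two on-disk artifacts described above (files renamed with a '.aes' suffix and an 'Instruction.txt' note opening with "Hello. I SULINFORMATICA.") are the indicators a responder would sweep a file share for. The following is an added example, not code from the page or from any vendor; the triage threshold MIN_ENCRYPTED and the sample tree are constructed assumptions.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional

# Indicators from the page: encrypted files keep their name and gain '.aes';
# the ransom note is 'Instruction.txt' and opens with "Hello. I SULINFORMATICA."
ENCRYPTED_SUFFIX = ".aes"
NOTE_NAME = "Instruction.txt"
NOTE_MARKER = "SULINFORMATICA"
MIN_ENCRYPTED = 3  # assumed triage threshold, not taken from the page

def original_name(encrypted: str) -> Optional[str]:
    """Return '1.jpg' for '1.jpg.aes'; None if the name lacks the suffix."""
    if encrypted.endswith(ENCRYPTED_SUFFIX) and len(encrypted) > len(ENCRYPTED_SUFFIX):
        return encrypted[: -len(ENCRYPTED_SUFFIX)]
    return None

def sweep(root: str) -> dict:
    """Walk a tree and collect SULINFORMATICA-style artifacts for triage."""
    report = {"encrypted": [], "notes": [], "note_matches_marker": 0}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if original_name(name) is not None:
                report["encrypted"].append(path)
            elif name == NOTE_NAME:
                report["notes"].append(path)
                try:
                    if NOTE_MARKER in Path(path).read_text(errors="replace"):
                        report["note_matches_marker"] += 1
                except OSError:
                    pass
    # A note plus several renamed files is the strong signal; a lone '.aes'
    # file (e.g. a legitimately encrypted archive) on its own is not.
    report["likely_hit"] = bool(report["notes"]) and len(report["encrypted"]) >= MIN_ENCRYPTED
    return report

def build_sample_tree() -> str:
    """Constructed sample tree mimicking the post-encryption layout described above."""
    root = tempfile.mkdtemp(prefix="sulin_demo_")
    docs = Path(root, "docs")
    docs.mkdir()
    for fname in ("1.jpg.aes", "2.png.aes", "budget.xlsx.aes"):
        (docs / fname).write_bytes(b"\x00" * 16)
    (docs / NOTE_NAME).write_text("Hello. I SULINFORMATICA. Your infrastructure has been hit ...")
    Path(root, "README.md").write_text("untouched file")
    return root
```

Run `sweep(build_sample_tree())` to see the report on the constructed tree; point `sweep` at a real share to get the list of renamed files, which is also the list of original names to restore from backup.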

The SULINFORMATICA Ransomware Attacks May Have Dire Consequences

The ransom note left by SULINFORMATICA informs the victim that their company's network security has been breached, highlighting the severity of the situation. During this breach, the victim's files have been systematically encrypted and locked. In addition to the encryption aspect, the ransom note claims that vital databases, documents, and other critical files from the network have been pilfered by the attackers. This not only intensifies the gravity of the situation but also introduces a dual threat to the victim's organization.

The victim is strongly encouraged to initiate negotiations with the attackers promptly. Particular emphasis is placed on the timing of this contact, with a warning that each 24 hours of delay worsens the victim's negotiating position. The implication is that failing to meet the cybercriminals' demands in a timely manner will result not only in permanent loss of access to the encrypted files but also in the exposure of the stolen company data.

Decryption without the attackers' involvement is rare, except in cases where the ransomware itself is seriously flawed. Experts also caution against simply complying with the criminals' demands: even when a ransom is paid, victims often do not receive working decryption keys or tools, so payment carries no guarantee of file recovery. Moreover, paying indirectly funds the cybercriminals' further activity.

Implement Effective Measures Against Malware Attacks

Users can take several effective measures to protect themselves and their devices against malware attacks. These measures are essential for maintaining digital security and safeguarding personal information. Here are some recommended steps:

  • Use Security Software: Install reputable anti-malware solutions on your devices and keep them updated so they can detect and remove the latest threats.
  • Enable Firewall Protection: Activate the built-in firewall on your operating system or use a third-party firewall. Firewalls help block unauthorized access and prevent malware from spreading.
  • Regular Software Updates: Keep your operating system, applications, and software up to date. Developers regularly release patches for security vulnerabilities that malware exploits.
  • Exercise Caution with Email Attachments and Links: Be cautious when opening email attachments or following unknown links, especially if the sender is unknown or the message looks suspicious. Malware often spreads through phishing emails.
  • Download Software from Trusted Sources: Only install software and apps from reputable sources, such as official websites or app stores. Avoid downloading cracked or pirated software, as these are often bundled with malware.
  • Use Strong Passwords: Always use strong, unique passwords for all your online accounts. Consider using a dedicated password manager to generate and store complex passwords securely.
  • Implement Two-Factor Authentication (2FA): Enable 2FA whenever possible, especially for sensitive accounts like email and online banking. This adds an extra layer of security beyond passwords.
  • Regular Data Backups: Back up your important data regularly, ideally to an external drive or cloud storage that is not permanently connected to the device. In case of a ransomware infection, you can restore your files without paying a ransom.
  • Educate Yourself: Stay informed about common malware attack techniques and tactics. Learn to recognize the signs of phishing emails, suspicious websites and potentially unsafe downloads.

By following these measures and staying vigilant, users can significantly reduce their risk of falling victim to malware attacks and improve their overall security posture.

The text on the ransom note dropped by SULINFORMATICA Ransomware on the infected systems is:

'Hello. I SULINFORMATICA. Your infrastructure has been hit and all files are encrypted. Be warned - this is complex multi-threaded encryption. All your files are intact, they will be fully accessible after decryption. All important files/documents/databases have been downloaded from your network. They are securely hidden and stored in order to further work with your company data. We suggest that you start negotiations to resolve the situation. You can get all the information on decryption at the contacts listed below. You can get all the information on the company's data and return it to you / or remove it from public access at the contacts listed below. We also inform you that every 24 hours delays will worsen the negotiating position. Contact us as soon as possible, we are ready to help and waiting for you. Or qTox messenger (available 24/7):'
