Supersuso Ransomware

The Supersuso Ransomware is a malware threat that infosec researchers have observed in the wild. It is designed to lock the files stored on compromised systems and render them unusable via a strong encryption algorithm. The attackers then extort their victims for money by offering to send them the decryption key and software tool that could potentially restore the data.

When Supersuso locks a file, it also appends '.ICQ_SUPERSUSO' to that file's original name. The extension signals to victims that they will need to install the ICQ messenger to contact the hackers. After encrypting all target file types, the threat delivers a ransom message in the form of a text file named '#Decrypt#.txt'.
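For responders scoping an infection, the two artefacts named above (the appended extension and the ransom note file name) can be searched for directly. The following Python script is an added example, not part of the original write-up; the function names `triage` and `build_sample` and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".ICQ_SUPERSUSO"  # extension appended to locked files (from the page)
NOTE_NAME = "#Decrypt#.txt"          # ransom note file name (from the page)


def triage(root):
    """Walk `root` and summarise Supersuso artefacts to help scope an incident."""
    encrypted, notes, per_dir, earliest = [], [], Counter(), None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            # Windows file systems are case-insensitive, so compare case-folded.
            if name.casefold() == NOTE_NAME.casefold():
                notes.append(path)
            elif (name.casefold().endswith(ENCRYPTED_SUFFIX.casefold())
                  and len(name) > len(ENCRYPTED_SUFFIX)):
                # Suffix stripped = original name, for matching against backups.
                encrypted.append((path, name[:-len(ENCRYPTED_SUFFIX)]))
                per_dir[dirpath] += 1
                # Oldest mtime is a rough hint of encryption start; timestamps can be altered.
                mtime = path.stat().st_mtime
                earliest = mtime if earliest is None else min(earliest, mtime)
    return {"encrypted": encrypted, "notes": notes,
            "per_dir": per_dir, "earliest_mtime": earliest}


def build_sample(root):
    """Create a constructed directory tree (dummy files, not real samples)."""
    root = Path(root)
    for rel, mtime in [("finance/q1.xlsx.ICQ_SUPERSUSO", 1000),
                       ("finance/q2.xlsx.icq_supersuso", 1200),
                       ("docs/plan.docx.ICQ_SUPERSUSO", 1100),
                       ("docs/untouched.pdf", 900),
                       ("docs/#Decrypt#.txt", 1300)]:
        p = root / rel
        p.parent.mkdir(exist_ok=True)
        p.write_text("constructed placeholder")
        os.utime(p, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        report = triage(tmp)
        print(len(report["encrypted"]), "locked files;", dict(report["per_dir"]))
```

The per-directory counts show which shares or folders were hit hardest, and the recovered original names can be compared against backup inventories.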

Ransom Note's Details

Opening the ransom note reveals that the attackers have, apparently, also managed to collect sensitive private information from the victim's systems. They threaten to either release this information to the public for free or try to sell it to interested parties if the victims do not contact them within 72 hours. As we said earlier, the only communication channel mentioned in the note is the same ICQ account. The rest of the hackers' message is taken up by various warnings.

The full text of the note is:

'Hello my dear friend
Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted
If you want to restore them, install ICQ software on your PC hxxps://icq.com/windows/ or on your mobile phone search in Appstore / Google market ICQ
Write to our ICQ @supersuso hxxps://icq.im/supersuso
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
We are always ready to cooperate and find the best way to solve your problem.
The faster you write, the more favorable the conditions will be for you.
Our company values its reputation. We give all guarantees of your files decryption
IF WE DONT SEE MESSAGES FROM YOU IN 72 HOURS - WE WILL SELL YOUR DATABASES AND IMPORTANT INFORMATION TO YOUR COMPETITORS,AFTER YOU WILL SEE IT AT OPEN SOURCE AND DARKNET
tell your unique ID
.'