'.surprise File Extension' Ransomware

By GoldSparrow in Ransomware

The '.surprise File Extension' Ransomware is a ransomware infection that has been active since early 2016. PC security analysts believe that the '.surprise File Extension' Ransomware is a variant of TeslaCrypt, a well-known ransomware threat that has been active in the wild since 2014. The '.surprise File Extension' Ransomware is just one of the numerous new variants of TeslaCrypt, which was released in its version 3.0 in early 2016. Although previous versions of TeslaCrypt were not difficult to recover from thanks to the development of a decryption utility, the '.surprise File Extension' Ransomware and the various new versions of TeslaCrypt have fixed this vulnerability, meaning that files encrypted by the '.surprise File Extension' Ransomware are no longer recoverable without access to the decryption key.

Is the '.surprise File Extension' Ransomware Different from Other Ransomware?

Threats like the '.surprise File Extension' Ransomware are designed to follow the same basic strategy when infecting a computer. The '.surprise File Extension' Ransomware may be delivered by compromised email attachments. As soon as the victim opens the attached file, the '.surprise File Extension' Ransomware attacks the victim's computer, searching for files that match a list of extensions contained in the '.surprise File Extension' Ransomware's configuration files. PC security analysts have discovered that the '.surprise File Extension' Ransomware and other TeslaCrypt variants look for the extensions in the list below (new extensions may be added to this list with each configuration update):

.7z; .rar; .m4a; .wma; .avi; .wmv; .csv; .d3dbsp; .sc2save; .sie; .sum; .ibank; .t13; .t12; .qdf; .gdb; .tax; .pkpass; .bc6; .bc7; .bkp; .qic; .bkf; .sidn; .sidd; .mddata; .itl; .itdb; .icxs; .hvpl; .hplg; .hkdb; .mdbackup; .syncdb; .gho; .cas; .svg; .map; .wmo; .itm; .sb; .fos; .mcgame; .vdf; .ztmp; .sis; .sid; .ncf; .menu; .layout; .dmp; .blob; .esm; .001; .vtf; .dazip; .fpk; .mlx; .kf; .iwd; .vpk; .tor; .psk; .rim; .w3x; .fsh; .ntl; .arch00; .lvl; .snx; .cfr; .ff; .vpp_pc; .lrf; .m2; .mcmeta; .vfs0; .mpqge; .kdb; .db0; .DayZProfile; .rofl; .hkx; .bar; .upk; .das; .iwi; .litemod; .asset; .forge; .ltx; .bsa; .apk; .re4; .sav; .lbf; .slm; .bik; .epk; .rgss3a; .pak; .big; .unity3d; .wotreplay; .xxx; .desc; .py; .m3u; .flv; .js; .css; .rb; .png; .jpeg; .txt; .p7c; .p7b; .p12; .pfx; .pem; .crt; .cer; .der; .x3f; .srw; .pef; .ptx; .r3d; .rw2; .rwl; .raw; .raf; .orf; .nrw; .mrwref; .mef; .erf; .kdc; .dcr; .cr2; .crw; .bay; .sr2; .srf; .arw; .3fr; .dng; .jpeg; .jpg; .cdr; .indd; .ai; .eps; .pdf; .pdd; .psd; .dbfv; .mdf; .wb2; .rtf; .wpd; .dxg; .xf; .dwg; .pst; .accdb; .mdb; .pptm; .pptx; .ppt; .xlk; .xlsb; .xlsm; .xlsx; .xls; .wps; .docm; .docx; .doc; .odb; .odc; .odm; .odp; .ods; .odt.

The '.surprise File Extension' Ransomware attack encrypts all files using AES encryption. Each encrypted file's extension is converted to 'SURPRISE', and text and HTML files are dropped in directories that contained encrypted files. Once a file has been compromised by the '.surprise File Extension' Ransomware, it may be impossible to recover it without access to the decryption key. Unfortunately, to access the decryption key, computer users will need to pay the ransom. PC security researchers strongly advise computer users against paying this ransom. Instead, backups should be kept so that files can be recovered from an external backup in case of a '.surprise File Extension' Ransomware infection. The following is an example of the text ransom notes that the '.surprise File Extension' Ransomware delivers to the victim's computer:

What happened to your files ?
All of your files were protected by a strong encryption.
There is no way to decrypt your files without the key.
If your files not important for you just reinstall your system.
If your files is important just email us to discuss the price and how to decrypt your files.
You can email us to nowayout@protonmail.com and nowayout@sigaint.org
Write your Email to both email addresses PLS
We accept just BITCOIN if you dont know what it is just google it.
We will give instructions where and how you buy bitcoin in your country.
Price depends on how important your files and network is.it could be 0.5 bitcoin to 25 bitcoin.
You can send us a 1 encrypted file for decryption.
Feel free to email us with your country and computer name and username of the infected system.
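
The two on-disk traces described above (the 'SURPRISE' extension and the text/HTML notes) can be used to scope which directories need restoring from backup. The following Python sketch is an added example, not part of the original article or the ransom note; the function names, the 64 KiB read limit and the sample file names are assumptions, and notes are recognised only by the contact addresses quoted above.

```python
import os
import tempfile

ENCRYPTED_SUFFIX = ".surprise"  # extension named on this page
NOTE_MARKERS = (b"nowayout@protonmail.com", b"nowayout@sigaint.org")  # from the quoted note
NOTE_EXTS = (".txt", ".html", ".htm")  # the page says text and HTML notes are dropped
MAX_READ = 64 * 1024  # assumption: a note is small, so only the first 64 KiB is read

def is_ransom_note(path):
    """True if a text/HTML file contains one of the contact addresses."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(MAX_READ).lower()
    except OSError:  # unreadable file: report nothing rather than abort the scan
        return False
    return any(marker in data for marker in NOTE_MARKERS)

def scope_infection(root):
    """Map each affected directory to its encrypted files and ransom notes."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted, notes = [], []
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(name)
            elif lower.endswith(NOTE_EXTS) and is_ransom_note(os.path.join(dirpath, name)):
                notes.append(name)
        if encrypted or notes:
            report[dirpath] = {"encrypted": sorted(encrypted), "notes": sorted(notes)}
    return report

def build_sample_tree(root):
    """Constructed sample data: one affected folder and one clean folder."""
    hit, clean = os.path.join(root, "docs"), os.path.join(root, "clean")
    os.makedirs(hit)
    os.makedirs(clean)
    for name in ("budget.xlsx.surprise", "photo.JPG.SURPRISE"):  # constructed names
        open(os.path.join(hit, name), "wb").close()
    with open(os.path.join(hit, "README.txt"), "w") as fh:  # constructed note name
        fh.write("You can email us to nowayout@protonmail.com")
    with open(os.path.join(clean, "notes.txt"), "w") as fh:
        fh.write("meeting notes")
    return hit, clean

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scope_infection(tmp))
```

Run `scope_infection` against a mounted copy of the affected volume; directories it reports are the ones to compare against the most recent clean backup.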
