Suspended Ransomware

By GoldSparrow in Ransomware

The Suspended Ransomware is a file encoder Trojan that was reported by computer security analysts on February 26th, 2019. The Suspended Ransomware Trojan is a generic crypto-threat aimed at home PC users. The payload is delivered when users open a corrupted Microsoft Word file received via spam email. The threat actors utilize a hidden macro script that downloads and executes the Suspended Ransomware on devices without alerting the users. The Suspended Ransomware is programmed to encode user-generated files like photos, videos, audio recordings, databases, notes, eBooks, office documents and PDFs. The name of the Trojan is derived from the marker placed on encrypted data, namely '.SUSPENDED'. For example, 'Bonobos workwear.pptx' is renamed to 'Bonobos workwear.pptx.SUSPENDED'.

The ransom notification is shown via '!!!RestoreProcess!!!.txt', which is located on the desktop and is one of the few files the Suspended Ransomware leaves on infected computers. The threat actors designed the Suspended Ransomware to self-destruct and direct users to write an email to 'suspendedfiles@india.com' before they are directed to a payment portal. The Suspended Ransomware team requires users to send an email within the first seventy-two hours of infection and have $600 ready to pay for the decryption. You may be invited to submit 1-2 images to the Suspended Ransomware team so that they can prove they have a decryptor. However, this may be a simple trick to convince users to pay the money, and you may not receive a decryptor after that. We recommend removing the Suspended Ransomware with the help of a trusted anti-malware utility and restoring your files from data backups. You should not have to pay money to the Suspended Ransomware actors, and you may wish to install a powerful backup manager on your PC.

Here is the ransom message associated with the Suspended Ransomware:

'All your important files were encrypted on this PC.
All files with .SUSPENDED extension are encrypted.
Encryption was produced using unique private key RSA-1024 generated for this computer.
To decrypt your files, you need to obtain private key + decrypt software.
To retrieve the private key and decrypt software, you need to contact us by email suspendedfiles@bitmessage.ch send us an email your !!!RestoreProcess!!!.txt file and wait for further instructions.
For you to be sure, that we can decrypt your files - you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE.
Price for decryption $600 if you contact us first 72 hours.

Your personal id:
[random characters]

E-mail address to contact us:
suspendedfiles@bitmessage.ch

Reserve email address to contact us:
suspendedfiles@india.com'
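The two artefacts described above (the '.SUSPENDED' marker and the '!!!RestoreProcess!!!.txt' note) are enough to scope which files need to be restored from backup. The following Python script is an added example, not part of the original article or any vendor tool. The function names, the case-insensitive matching and the sample file tree are assumptions made for illustration.

```python
import os
import sys
import tempfile
from collections import Counter

MARKER = ".SUSPENDED"                   # marker appended to encrypted files (from the article)
NOTE_NAME = "!!!RestoreProcess!!!.txt"  # ransom note file name (from the article)


def triage(root):
    """Walk `root`; list renamed files with their original names, plus ransom notes."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            # Assumption: compare case-insensitively, as Windows file systems do.
            if name.lower() == NOTE_NAME.lower():
                notes.append(full)
            elif name.lower().endswith(MARKER.lower()) and len(name) > len(MARKER):
                encrypted.append((full, name[: -len(MARKER)]))
    # Group by the original extension to see which backups are needed.
    by_type = Counter(os.path.splitext(orig)[1].lower() or "(none)"
                      for _path, orig in encrypted)
    return {"encrypted": encrypted, "notes": notes, "by_type": dict(by_type)}


def make_sample_tree(root):
    """Constructed sample data for the demo: empty files, names only."""
    names = [
        "Desktop/" + NOTE_NAME,
        "Documents/Bonobos workwear.pptx" + MARKER,
        "Documents/budget.xlsx.suspended",   # constructed, lower-case variant
        "Pictures/holiday.jpg" + MARKER,
        "Pictures/untouched.jpg",            # must not be reported
    ]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    # Scan the directory given on the command line, or a constructed sample tree.
    with tempfile.TemporaryDirectory() as tmp:
        target = sys.argv[1] if len(sys.argv) > 1 else tmp
        if target == tmp:
            make_sample_tree(tmp)
        report = triage(target)
        print("ransom notes:", len(report["notes"]))
        print("encrypted files by original type:", report["by_type"])
        for path, original in report["encrypted"]:
            print(f"  {path} -> restore '{original}' from backup")
```

The script only reads file names, so it can be run against a mounted disk image or a backup snapshot to check whether the snapshot predates the infection.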
