Cybersecurity researchers have uncovered a new malware threat named Sus. According to the experts, Sus falls into the ransomware category and works by encrypting data and appending the '.sus' extension to the filenames of all encrypted files. For instance, encrypted files are renamed in the following way: '1.jpg' becomes '1.jpg.sus,' '2.png' becomes '2.png.sus,' and so on. Furthermore, the ransomware drops a ransom note in the form of a 'read_it.txt' file and changes the current desktop background of the device. It is also important to note that Sus is a variant of the Chaos Ransomware family.
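The renaming pattern and note filename described above can be used to scope an infection before restoring from backup. The following triage script is an added example, not part of the original report or any vendor tool; the function names and the sample directory tree are constructed for illustration, and the note marker is the first line of the ransom note quoted on this page.

```python
import os
import tempfile
from collections import defaultdict

ENC_SUFFIX = ".sus"        # extension appended to encrypted files (from the article)
NOTE_NAME = "read_it.txt"  # ransom note filename (from the article)
NOTE_MARKER = "All of your files have been encrypted"  # first line of the quoted note

def is_sus_note(path):
    """True only if a read_it.txt actually contains the note's opening line."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            return NOTE_MARKER.lower() in fh.read(4096).lower()
    except OSError:
        return False

def triage(root):
    """Map each affected directory to its encrypted files and note status."""
    report = defaultdict(lambda: {"encrypted": {}, "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                # The filename alone is generic, so confirm by content.
                if is_sus_note(full):
                    report[dirpath]["note"] = True
            elif name.lower().endswith(ENC_SUFFIX) and len(name) > len(ENC_SUFFIX):
                # '1.jpg.sus' -> original name '1.jpg', used to match backups
                report[dirpath]["encrypted"][name] = name[: -len(ENC_SUFFIX)]
    return dict(report)

def build_sample(root):
    """Constructed sample tree; file contents are placeholders, not real samples."""
    hit = os.path.join(root, "Pictures")
    clean = os.path.join(root, "Docs")
    os.makedirs(hit)
    os.makedirs(clean)
    for n in ("1.jpg.sus", "2.png.sus", "keep.txt"):
        open(os.path.join(hit, n), "wb").close()
    with open(os.path.join(hit, NOTE_NAME), "w") as fh:
        fh.write("All of your files have been encrypted\n")
    with open(os.path.join(clean, NOTE_NAME), "w") as fh:
        fh.write("Release notes: read it before installing.\n")
    return hit, clean

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for d, info in triage(tmp).items():
            print(d, "note" if info["note"] else "no-note", info["encrypted"])
```

Directories that contain only an unrelated 'read_it.txt' are left out of the report, and the recovered original names give the list of files to look for in backups.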
The Sus Ransomware Locks Victims Out of Their Own Files
The ransom note informs the victim that all of their computer files have been locked as the result of a malware infection, and that the files can only be decrypted with the assistance of the ransomware creators. The note presents the victim with a choice to buy a special decryption tool for $100, which supposedly can retrieve the locked data and eliminate the ransomware from the computer system.
The payment is requested to be made in Bitcoin, which is a digital currency that allows for anonymous transactions. The note provides various recommended websites where the victim can purchase Bitcoin. Furthermore, the note also includes a Bitcoin address to which the victim is supposed to send the payment.
Ensuring the Security of Your Data is Crucial
Ransomware infections can be devastating to individuals and businesses, as they can result in the loss of valuable data, financial loss, and damage to reputation. Here are some steps that users can take to protect their files and data from ransomware attacks:
- Install antivirus and anti-malware software and keep it updated: Antivirus and anti-malware software can help detect and remove ransomware infections from a computer.
- Keep software up-to-date: Install software updates as soon as they become available. Cybercriminals often exploit security vulnerabilities in outdated software to gain access to a system.
- Back up important data regularly: Regularly back up all important data to an external hard drive, cloud-based storage service, or other secure location. This ensures that data can be restored in case of a ransomware attack.
- Avoid suspicious emails and links: Be cautious of emails from unknown senders or containing suspicious attachments or links. Ransomware attacks often begin with phishing emails that contain malicious links or attachments.
- Use strong passwords: Create strong passwords for all accounts and change them regularly. Passwords must be a combination of letters, numbers, and special characters.
- Enable two-factor authentication: Two-factor authentication adds an extra layer of security by requiring users to enter a second type of authentication, such as a code sent to their mobile phone.
By following these steps, users can significantly reduce the possibility of falling victim to a ransomware attack and protect their valuable data.
The content of the ransom note dropped by Sus Ransomware is:
'All of your files have been encrypted
Your computer was infected with a ransomware virus.
Your files have been encrypted and you won't be able to decrypt them without our help.
What can I do to get my files back? You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer.
The price for the Decryption software is $100. Payment can be made in Bitcoin only.
How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy Bitcoin.
Many of our customers have reported these sites to be fast and reliable:
Coinmama - hxxps://www.coinmama.com
Bitpanda - hxxps://www.bitpanda.com
MoonPay - hxxps://www.moonpay.com/buy/btc
Payment Amount: $100
Payment Mode: BTC / Bitcoin
Bitcoin Address: 17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV'