Sysfrog Ransomware

The Sysfrog Ransomware is a newly uncovered file-encrypting Trojan. It would appear that this ransomware threat is not a part of any of the popular ransomware families such as the Dharma Ransomware, the Globe Imposter Ransomware or the Scarab Ransomware. Often, cybercriminals opt to use already established threats to base their own creations, as it is much less time-consuming. But not in this case.

It has not been confirmed how exactly the Sysfrog Ransomware is being spread online, but malware researchers speculate that the cyber crooks behind this data-locking Trojan are employing spam email campaigns, faux software updates and pirated software. When the Sysfrog Ransomware infiltrates a targeted PC successfully, it will scan its contents. Then, the files, which will be locked are located, and the Sysfrog Ransomware is ready to start the encryption process. When the Sysfrog Ransomware locks a file, it alters its name by adding '[sysfrog@protonmail.com]' in front of the original name, and '.sysfrog' extension at the end of it. For example, a file called 'chocolate.jpeg' will be renamed to '[sysfrog@protonmail.com]chocolate.jpeg.sysfrog.' Then, the Sysfrog Ransomware proceeds to drop a short and concise ransom note by the name 'how_to_decrypt.txt.' The attackers state that the files of the user have been encrypted and demand 0.3 BTC (~$2,600 at the time of writing this article) to be sent to their BitCoin wallet – 3FoiK3TTfA42Du34aFWTV9qTg5XChVh18c. They go on to provide an email address where they are to be contacted in case the victim has any questions – sysfrog@protonmail.com.

We recommend you to stay away from cybercriminals like the individuals behind Sysfrog Ransomware. It is likely that they will trick you into paying up but will not provide you with the decryption tool you need. A better option is to make sure you obtain a legitimate anti-malware application and have it clean your system.