SuchSecurity Ransomware Targets Corporate Networks
A few days ago, security investigators uncovered SuchSecurity Ransomware while monitoring suspicious samples uploaded to the official ID-Ransomware domain. According to them, no spam campaign currently carries strains of this ransomware. It does not even provide instructions on how to deliver payment in the case of data corruption. SuchSecurity Ransomware still needs a great deal of improvement. You should also know that its developers are using the EDA2 platform, a ransomware project supposedly published on GitHub for educational purposes. However, the EDA2 project has since been used in the development of hundreds of ransomware programs.
Further, you should note that SuchSecurity Ransomware is crafted to inflict maximum damage on data infrastructures that rely on commercial programs like Oracle 10G, MySQL, MariaDB, Amazon RDS and Tally (ERP). Evidently, the SuchSecurity virus is similar to FSociety ransomware as well as VenusLocker. It has been released with data encryption abilities and targets certain types of files, such as .asp, .mdb, .odt, .php, .png, .ppt, .pptx, .psd, .aspx, .csv, .doc, .docx, .html, .jpg, .sln, .sql, .txt, .xls, .xlsx and .xml. Once encryption is complete, the affected files carry the '.locked' extension right after the original extension. Since your files are encoded using a custom cipher made of a combination of AES and RSA ciphers, you won't be able to decrypt them, nor can you read or modify them. But you can recover them using Free Data Recovery Software or the System Restore option.
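The naming pattern described above (a listed extension followed by '.locked') can be used to inventory affected files before attempting recovery. The following Python script is an added example, not part of the original article; the function names and the sample folder tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Extensions the article lists as targeted by SuchSecurity Ransomware.
TARGETED = {
    ".asp", ".mdb", ".odt", ".php", ".png", ".ppt", ".pptx", ".psd",
    ".aspx", ".csv", ".doc", ".docx", ".html", ".jpg", ".sln", ".sql",
    ".txt", ".xls", ".xlsx", ".xml",
}
MARKER = ".locked"  # appended after the original extension, per the article

def classify(filename):
    """Return (original_name, original_ext) for '<name>.<ext>.locked', else None."""
    if not filename.lower().endswith(MARKER):
        return None
    original = filename[: -len(MARKER)]
    ext = os.path.splitext(original)[1].lower()
    return (original, ext) if ext in TARGETED else None

def inventory(root):
    """Walk root; pair each encrypted file with the original path to look for in backups."""
    hits, unmatched = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            result = classify(name)
            full = os.path.join(dirpath, name)
            if result:
                hits.append((full, os.path.join(dirpath, result[0])))
            elif name.lower().endswith(MARKER):
                unmatched.append(full)  # '.locked' but not a listed type: review by hand
    by_ext = Counter(os.path.splitext(orig)[1].lower() for _enc, orig in hits)
    return hits, unmatched, by_ext

def demo():
    """Build a constructed sample tree (hypothetical file names) and inventory it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Reports"))
        for rel in ("Reports/q1.xlsx.locked", "Reports/Q2.XLSX.LOCKED",
                    "db.sql.locked", "notes.txt", "cache.locked"):
            open(os.path.join(root, rel), "w").close()
        hits, unmatched, by_ext = inventory(root)
        return len(hits), len(unmatched), dict(by_ext)

if __name__ == "__main__":
    print(demo())
```

The second element of each pair returned by inventory() is the original file path to look for in a shadow copy, restore point or backup.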
What should you do to improve your computer protection?
SuchSecurity Ransomware is in a development version; soon it will start attacking Windows machines connected to corporate network servers. Hence, computer users should prepare for a large-scale attack with the SuchSecurity virus that includes spam emails and trojanized software update packages. By adding a highly reputable antivirus shield and a cloud backup manager, you can improve your computer's safety. Also, avoid risky actions such as double-clicking spam emails or other files that arrive from unknown sources.
However, now is the time to make use of the SuchSecurity Ransomware removal guide presented below. The removal guide also contains data recovery techniques, so follow it very carefully:
Steps to Uninstall SuchSecurity Ransomware from PC
Procedure 1: Reboot Your PC in Safe Mode
How To Start Computer in Safe Mode with Networking (Win XP/Vista/7)
- Restart your system. Just before Windows starts, press F8 repeatedly on your keyboard. You will be presented with the Advanced Options Menu.
- Select Safe Mode with Networking from the options. Use the keyboard's up or down arrow keys to navigate between selections, then hit Enter to proceed.
Method To Start Win 8 in Safe Mode with Networking
- Restart your PC and, as soon as it begins to start, press the Shift+F8 keys.
- Instead of showing the Advanced Boot Options, Win 8 will display the Recovery Mode. Continue with the given instructions until you reach the Safe Mode function.
- Tap on ‘See advanced repair options’.
- After that, click on Troubleshoot.
- Next, select Advanced options.
- On the next window, choose Windows Startup Settings.
- Finally, click on the Restart button. Windows 8 will restart and boot into the Advanced Boot Options, where you can run the computer in Safe Mode with Networking.
ShadowExplorer can be really helpful in restoring your files encrypted by SuchSecurity Ransomware
When SuchSecurity Ransomware attacks, it generally tries to delete all shadow copies stored on your computer. But there is a chance that SuchSecurity Ransomware is not able to delete the shadow copies every time. So you need to restore the original files using shadow copies.
Follow these simple steps to restore original files through ShadowExplorer
- Download ShadowExplorer from http://www.shadowexplorer.com/downloads.html
- Install it on your system.
- Open ShadowExplorer and select the C: drive in the left panel.
- Choose a date at least one month back from the date field.
- Go to the folder that contains the encrypted files.
- Right-click the encrypted files.
- Export the original files and choose a destination to store them.
System restore can be another method to restore your encrypted files
1. Open Start >> All Programs >> Accessories >> System Tools >> System Restore
2. Click Next to go to the restore window.
3. See which restore points are available to you and choose a restore point at least 20 to 30 days back.
4. Once selected, click Next.
5. Choose disk C: (it should be selected by default).
6. Click Next; System Restore will start working and will finish in a few minutes.
Another method for recovering your encrypted files is file recovery software
If the above methods are not successful, you can try file recovery software. It can help in recovering your encrypted files because SuchSecurity Ransomware first makes a copy of the original files and then encrypts it. After encryption, it deletes the original files. So there is a high probability that file recovery software can help you recover your original files. You can find links to some of the best file recovery software below.
1. Recuva: you can download it from http://www.piriform.com/recuva/download
2. TestDisk: you can download it from http://www.cgsecurity.org/wiki/TestDisk_Download
3. Undelete360: you can get it from http://www.undelete360.com/
4. Pandora Recovery: you can download it from http://www.pandorarecovery.com/
5. MiniTool Partition Recovery: you can get it from http://www.minitool.ca/