How Do I Eliminate SuchSecurity Ransomware & Recover ‘.Locked’ Files


SuchSecurity Ransomware Targets Corporate Networks

Few days before, security investigators uncovered SuchSecurity Ransomware when they were monitoring suspicious samples uploaded to ID-Ransomware official domain. According to them, there is no spam campaign that carries strands of this ransomware software. Even, it doesn’t provide instruction on how to deliver payment in the case of data corruption. SuchSecurity Ransomware needs a whole lot of improvements. Apart from this, you should know that this ransomware developers using EDA2 platform – a ransomware project, supposedly published on Github for educational purposes. However, nowadays the EDA2 project has been used in developments of hundreds of ransomware.

Further, you should note that SuchSecurity Ransomware is crafted to inflict maximum damages on data infrastructures that rely on commercial programs like Oracle 10G, MySQL, MariaDB, Amazon RDS, Tally (ERP). Evidently, SuchSecurity virus is similar to FSociety ransomware as well as VenusLocker. It has been released with data encryption abilities. Hence, it targets some certain types of files like asp, .mdb, .odt, .php, .png, .ppt, .pptx, .psd, .aspx, .csv, .doc, .docx, .html, .jpg, .sln, .sql, .txt, .xls, .xlsx, .xml. Following completion of data encryption, you see files having ‘.locked’ extension just right after original extension. Since your files are encoded using a custom cipher made of combination of AES and RSA ciphers, you won’t be able to decrypt them, neither you can read/modify them. But you can recover them using Free Data Recovery Software or System Restore Option.

What should you do to improve your computer protection?

SuchSecurity Ransomware is in Dev-version, soon it will start attacking Windows machines connected to corporate networks sever. Hence, computer users should prepare for a large scan attack with SuchSecurity virus that includes spam emails and trojanized software update packages. By adding a highly reputable Antivirus shield and a cloud backup manager, you can improve your computer safety chances. Also, you have to avoid participating in malicious activities like double click spam emails or other files arrived from unknown source.

However, now it’s the time, when you should make use of SuchSecurity Ransomware removal guide presented below. The removal guide also contains data recovery techniques. So, you need to follow it very carefully:

Steps to Uninstall SuchSecurity Ransomware from PC

Procedure 1: Reboot Your PC in Safe Mode

How To Start Computer in Safe Mode with Networking (Win XP/Vista/7)

  • Please restart your system. Just before the Windows start, continuously press F8 on your keyboard. Now, you will be presented with Advanced Options Menu.
  • Select Safe Mode with Networking from the selection options. Please use the keyboard’s arrow up or down to navigate between selections and then hit Enter to proceed.


Method To Start Win 8 in Safe Mode with Networking

  • Restart your PC and as soon as it begins to start, kindly please press Shift+F8 keys.
  • Instead of seeing the Advance Boot Options, Win 8 will display the Recovery Mode. So, continue with the given instructions until you reach the Safe Mode function.
  • Tap on ‘See advanced repair options’.
  • Then after, click on Troubleshoot.
  • Next, select Advanced options.
  • On the next window, choose Windows Startup Settings.
  • At last, click on the Restart button. Now, Windows 8 will restart and boot into the Advanced Boot Option wherein you can run the computer in Safe Mode with Networking.


Method 2

ShadowExplorer can be really helpful in restoring your file encrypted by SuchSecurity Ransomware

When SuchSecurity Ransomware attacks it generally tries to delete all shadows copies which is stored in your computer. But there are chances that SuchSecurity Ransomware is not able to delete the shadow copies everytime. So you need to restore the original files using shadow copies.

Follow these simple steps to restore original files through shadowexplorer

  1. you need to download shadowexplorer link from
  2. Install it on your system
  3. Now you need to open shadowexplorer and select c: drive on left panel
  1. img1Now choose at least one month ago date from date field.
  2. Now you need to go to the folder which have encrypted filed.
  3. Now right click the encrypted files
  4. You need to export the original files and choose a destination to store them.

Method 3

System restore can be another method to restore your encrypted files

1. Open start >> All Programs >> Accessories >> System tools >> System Restore

img22. Click next to go to restore window

img33. See what restore points are available for you , choose a restore point at least 20 to 30 days back.

4. Once selecting click next

5. Choose disk c: (it must be selected by default)

6. Now click next and system restore will start working and will be able to finish in few minutes.

Method 4

Another method for recovering your decrypted files are file recovery software

If above methods are not successful you can go for file recovery software. It can be helpful in recovering your encrypted files as SuchSecurity Ransomware first makes a copy of original files and then encrypt it. After encryption it deletes the original files. So there is high probability that these file recovery software can help you in recovering your original files. You can find links to some best file recovery software below.

1. Recuva : you can download from
2. Testdisk: you can download from
3. Undelete360: you can get it from
4. Pandora Recovery: you can download from
5. Minitool partition recovery: you can get it from