Sus Ransomware Demands Payment in Bitcoin to Restore Encrypted Back

Our team recently discovered Sus ransomware while analyzing malware samples. We found that Sus is a variant of the Chaos ransomware, which encrypts data and changes the filenames of all encrypted files by appending the ".sus" extension. Sus also drops a ransom note called "read_it.txt".

For example, "1.jpg" would be changed to "1.jpg.sus" and "2.png" to "2.png.sus" when encrypted by Sus. The ransom note informs the victim that their files have been encrypted due to a ransomware attack and that decryption is not possible without the help of the ransomware creators.

The note offers special decryption software for $100, which it says will recover data and remove the ransomware from the computer. Payment is accepted only in Bitcoin, and the note recommends several websites for purchasing Bitcoin. Finally, the note includes a Bitcoin address to which the payment should be sent.
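The two artifacts described above (the appended ".sus" extension and the "read_it.txt" note) are enough to scope an infection on disk. The following triage sketch is an added example, not code from the original article or from the malware analysis: the function names and the sample directory tree are constructed for illustration, and it goes slightly beyond the text by using file modification times to bound when encryption reached each directory.

```python
import os
import tempfile

SUS_EXT = ".sus"            # extension Sus appends, per the article
NOTE_NAME = "read_it.txt"   # ransom note name, per the article

def triage(root):
    """Return {directory: summary} for every directory showing a Sus indicator."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted, intact, note, mtimes = [], [], False, []
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME:
                note = True
            elif lower.endswith(SUS_EXT) and len(name) > len(SUS_EXT):
                # Pair the current name with the pre-encryption name for restore planning.
                encrypted.append((name, name[:-len(SUS_EXT)]))
                mtimes.append(os.path.getmtime(os.path.join(dirpath, name)))
            else:
                intact.append(name)
        if note or encrypted:
            report[dirpath] = {
                "note": note,
                "encrypted": sorted(encrypted),
                "intact": sorted(intact),
                # Either indicator alone can be a coincidence; both together is a strong signal.
                "confidence": "high" if note and encrypted else "low",
                # Earliest rewrite time bounds when encryption reached this directory.
                "first_write": min(mtimes) if mtimes else None,
            }
    return report

def build_sample_tree():
    """Constructed sample data: one hit directory, one clean, one note-only."""
    base = tempfile.mkdtemp(prefix="sus_triage_")
    layout = {"docs": ["1.jpg.sus", "2.png.sus", "read_it.txt", "notes.md"],
              "clean": ["report.pdf"],
              "misc": ["read_it.txt"]}
    for sub, names in layout.items():
        os.makedirs(os.path.join(base, sub))
        for i, name in enumerate(names):
            path = os.path.join(base, sub, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.utime(path, (1_680_000_000 + i, 1_680_000_000 + i))  # fixed mtimes
    return base

if __name__ == "__main__":
    for directory, summary in triage(build_sample_tree()).items():
        print(directory, summary)
```

The "intact" list shows which files in an affected directory were not renamed, which helps decide what must come from backup and what can be kept.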

Sus Ransom Note Explicitly Demands Bitcoin

The full Sus ransom note goes as follows:

All of your files have been encrypted
Your computer was infected with a ransomware virus.
Your files have been encrypted and you won't be able to decrypt them without our help.
What can I do to get my files back? You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer.

The price for the Decryption software is $100. Payment can be made in Bitcoin only.

How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy Bitcoin.

Many of our customers have reported these sites to be fast and reliable:
Coinmama - hxxps://
Bitpanda - hxxps://
MoonPay - hxxps://

Payment Amount: $100
Payment Mode: BTC / Bitcoin
Bitcoin Address: 17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV

How Can You Protect Your Data from Ransomware Like Sus?

To protect your data from ransomware like Sus, there are several proactive measures you can take:

  • Keep your software and operating systems up to date: Updates often include patches that address security vulnerabilities and can prevent ransomware attacks.
  • Use antivirus and antimalware software: These programs can detect and block ransomware before it can infect your system.
  • Be cautious when opening email attachments or clicking links: Phishing emails often contain malware that can infect your system. Verify the authenticity of the email and its sender before opening any attachments or clicking on links.
  • Use strong passwords: A strong, unique password for each account can prevent hackers from accessing your data if one account is compromised.
  • Back up your data regularly: Make sure to back up important files regularly to an external drive or cloud-based storage. This can help you recover your data if your system is infected with ransomware.
  • Use a VPN: When connecting to public Wi-Fi, use a Virtual Private Network (VPN) to encrypt your connection and prevent hackers from intercepting your data.
  • Implement access controls: Limit access to sensitive data only to those who need it. This can minimize the risk of unauthorized access or data theft.

By following these tips, you can significantly reduce the risk of falling victim to ransomware like Sus and protect your valuable data.

March 29, 2023

