Sus Ransomware Demands Payment in Bitcoin to Restore Encrypted Back
Our team recently discovered Sus ransomware while analyzing malware samples. We found that Sus is a variant of the Chaos ransomware, which encrypts data and changes the filenames of all encrypted files by appending the ".sus" extension. Sus also drops a ransom note called "read_it.txt".
For example, "1.jpg" would be changed to "1.jpg.sus" and "2.png" to "2.png.sus" when encrypted by Sus. The ransom note informs the victim that their files have been encrypted due to a ransomware attack and that decryption is not possible without the help of the ransomware creators.
The note offers a solution to purchase a special decryption software for $100, which will recover data and remove the ransomware from the computer. Payment is only accepted in Bitcoin, and the note provides several recommended websites to purchase Bitcoin. Finally, the note includes a Bitcoin address to send the payment to.
Sus Ransom Note Explicitly Demands Bitcoin
The full Sus ransom note goes as follows:
All of your files have been encrypted
Your computer was infected with a ransomware virus.
Your files have been encrypted and you won't be able to decrypt them without our help.
What can I do to get my files back? You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer.The price for the Decryption software is $100. Payment can be made in Bitcoin only.
How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy Bitcoin.Many of our customers have reported these sites to be fast and reliable:
Coinmama - hxxps://www.coinmama.com
Bitpanda - hxxps://www.bitpanda.com
MoonPay - hxxps://www.moonpay.com/buy/btcPayment Amount: $100
Payment Mode: BTC / Bitcoin
Bitcoin Address: 17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV
How Can You Protect Your Data from Ransomware Like Sus?
To protect your data from ransomware like Sus, there are several proactive measures you can take:
- Keep your software and operating systems up to date: Updates often include patches that address security vulnerabilities and can prevent ransomware attacks.
- Use antivirus and antimalware software: These programs can detect and block ransomware before it can infect your system.
- Be cautious when opening email attachments or clicking links: Phishing emails often contain malware that can infect your system. Verify the authenticity of the email and its sender before opening any attachments or clicking on links.
- Use strong passwords: A strong, unique password for each account can prevent hackers from accessing your data if one account is compromised.
- Backup your data regularly: Make sure to back up important files regularly to an external drive or cloud-based storage. This can help you recover your data if your system is infected with ransomware.
- Use a VPN: When connecting to public Wi-Fi, use a Virtual Private Network (VPN) to encrypt your connection and prevent hackers from intercepting your data.
- Implement access controls: Limit access to sensitive data only to those who need it. This can minimize the risk of unauthorized access or data theft.
By following these tips, you can significantly reduce the risk of falling victim to ransomware like Sus and protect your valuable data.
