SuchSecurity Ransomware Removal Guide

Do you know what SuchSecurity Ransomware is?

Our malware analysts have analyzed a ransomware-type program called SuchSecurity Ransomware. According to them, it should encrypt your files and then ask you to pay a ransom to get them back. Therefore, removing it from your computer is vital because it can compromise your computer’s security and encrypt your personal files. This ransomware should use an advanced encryption algorithm, so decrypting the files for free might not be an option. The good news is that this ransomware is now dead and its command and control server is down, so it is no longer distributed. Still, in certain cases, your PC might become infected with it, as you can still find samples of this ransomware.

Our cyber security experts say that this particular ransomware might have been distributed via email spam that featured this ransomware as an attached file that you were supposed to extract and open. Furthermore, it might have been disseminated on infected websites that contained exploit kits that infected computers when the user interacted with certain content on those sites. We think that you might still encounter remaining samples of this ransomware as it might have also been distributed via pirated software cracks and keygens. If that is the case, then SuchSecurity Ransomware can still infect your PC, but whether it would be able to do anything is unknown.

If this ransomware manages to infect your computer, then it should spring into action immediately and start encrypting your files. It should have used AES, RSA, or even both encryption algorithms, and generated a public encryption key and a private decryption key. The private decryption key was supposed to be sent to the command and control server, which is currently down. So if there are functional samples of this ransomware, then they might generate an encryption key but fail to create and send the decryption key. Thus, this ransomware can leave you with no other option but to seek other ways to decrypt your files. It will not provide you with the means to purchase a decryption key, so your files can remain encrypted indefinitely.

The sample we have tested attempted to connect to http://192.168.59.130/webpanel/createkeys{.}php, but did not get a response so it is clear as day that the server is down and might not come back online. Nevertheless, SuchSecurity Ransomware can still pose a threat to your computer’s security if there are still samples of it featured somewhere.
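The connection attempt described above is something you can look for in web proxy logs to spot a machine that has run a leftover sample. The following Python code is an added example, not part of the original analysis; the log layout (timestamp, client, method, URL, status) and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicator exactly as printed on the page (defanged with "{.}").
PAGE_INDICATOR = "http://192.168.59.130/webpanel/createkeys{.}php"

# Constructed sample lines in an assumed layout:
# timestamp client method url status
SAMPLE_LOG = [
    "2000-01-01T10:00:01Z 10.0.0.21 GET http://example.com/index.html 200",
    "2000-01-01T10:00:05Z 10.0.0.34 GET http://192.168.59.130/webpanel/createkeys.php 504",
    "2000-01-01T10:00:09Z 10.0.0.34 GET http://192.168.59.130/WebPanel/CreateKeys.php?id=1 504",
    "2000-01-01T10:00:12Z 10.0.0.40 GET http://192.168.59.13/webpanel/createkeys.php 200",
    "truncated line",
]

def refang(indicator):
    """Undo common defanging so the indicator can be compared to log data."""
    out = re.sub(r"[\[\{\(]\.[\]\}\)]", ".", indicator)
    return re.sub(r"^hxxp", "http", out, flags=re.IGNORECASE)

def find_beacons(log_lines, indicator=PAGE_INDICATOR):
    """Return (line_number, client, status) for requests to the indicator."""
    target = urlsplit(refang(indicator))
    hits = []
    for number, line in enumerate(log_lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed or truncated records
        _, client, _, url, status = fields[:5]
        seen = urlsplit(url)
        # Compare parsed host and path, not substrings, so that lookalike
        # hosts (192.168.59.13) and query strings do not cause errors.
        # Path case is ignored here as a conservative assumption.
        if (seen.hostname == target.hostname
                and seen.path.lower() == target.path.lower()):
            hits.append((number, client, status))
    return hits

if __name__ == "__main__":
    for number, client, status in find_beacons(SAMPLE_LOG):
        print(f"line {number}: {client} requested the key-creation URL "
              f"(status {status})")
```

A hit identifies the client to scan and clean, whether or not the request received a response.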

In summary, SuchSecurity Ransomware is a now dead ransomware-type infection you might still encounter as it might have come in software cracks and keygens that might still be around. Its command and control server is down and should remain that way. This ransomware was designed to encrypt personal files and then demand that you pay a ransom to get them back. However, in its current state, it should not provide you with any instructions on how to pay the ransom and get your files back. Therefore, if your computer becomes infected with this malicious application, then you have to remove it, and we recommend using SpyHunter to detect and delete its hidden executable. Please consult the instructions provided below.

Removal Guide

  1. Open the web browser.
  2. Type http://www.spyware-techie.com/download-sph in the address box and hit Enter.
  3. Download SpyHunter-Installer.exe and run it.
  4. Install the program, run it and click Scan Computer Now!
  5. After the scan is complete, copy the file path of the malicious executable from the scan results.
  6. Simultaneously press Windows+E keys.
  7. Type the file path of the executable in File Explorer’s address box and hit Enter.
  8. Right-click the executable file and click Delete.
  9. Empty the Recycle Bin.

In non-techie terms:

SuchSecurity Ransomware is a highly malicious application that was designed to encrypt files and possibly ask you to pay a ransom. However, our researchers have concluded that this program is dead because its command and control server is down and it does not look like it’s being distributed anymore. Still, some samples remain which can encrypt your files. If that is the case, then you should remove this program as soon as possible.