SucyLocker Ransomware

Posted by Lisa Blanc on June 12, 2017

What is SucyLocker Ransomware?

SucyLocker Ransomware is yet another malicious threat to come from the Hidden Tear family. The infections within this family are built using the same open source code that is available to anyone who is willing to invest some money. Although all threats from this group are similar, they are unique in their own ways because they are built by different parties. For example, it is unlikely that the developer of this ransomware is also the developer of Kindest Ransomware, Kampret Ransomware, or other well-known infections. Of course, these ransomware threats are not equal, and some are more dangerous and aggressive than others. The good news is that the one we are discussing in this report is unlikely to be extremely dangerous. In fact, you might find that it does not encrypt important files at all. Unfortunately, if important files are locked by this threat, it is unlikely that you will be able to save them. Even if you remove SucyLocker Ransomware right away, the files will remain encrypted. That being said, deleting this infection is crucial, and that is what we discuss in this report.testtesttest

How does SucyLocker Ransomware work?

The dangerous SucyLocker Ransomware is also known by the name “$ucyLocker,” and just like most other ransomware infections – especially those from the Hidden Tear family – it might utilize misleading spam emails to spread. The installer of the threat is introduced to the targeted victim as a normal file that allegedly can present useful or interesting content. The misleading message within the email supports the lie. Once you open the file, the ransomware is executed silently, and the encryption starts soon after that. According to our Anti-Spyware-101.com malware researchers, this threat should only encrypt TXT files found on the Desktop. Obviously, if such files do not exist on your Desktop, SucyLocker Ransomware cannot do any damage. If your files were encrypted, you should find the “.WINDOWS” extension appended to their names. Once the encryption is complete, a file called “READ_IT.txt” is created. This file informs that you need to “read the program” to get more information. This refers to the window that pops up. Notably, the ransomware does not lock the screen, and it will not start once your PC is restarted, and so you have to figure things out right away.

The message that pops up once SucyLocker Ransomware is done with the encryption informs that your files were locked and that you must pay a ransom to get them decrypted. The message reassures you that your files will be decrypted if you pay the ransom, but, in reality, no one can guarantee that. At the time of research, the malicious ransomware demanded a payment of 0.16 Bitcoin, which is roughly around 500 USD or 430 EUR. The fee must be transferred to 1MmpEmebJkqXG8nQv4cjJSmxZQFVmFo63M. Again, at the time of research, no money had been transferred to this account. If you find that the devious threat has managed to encrypt highly important files, you might be thinking about paying the ransom, especially since legitimate and free file decryptors cannot assist you with this encryptor. That being said, it is very risky to fulfill the demands of cyber criminals because they do not care about you or your files, and once they get what they came for – which, of course, is your money – they are most likely to disappear. This is a risk you need to think about before you choose to give in.

How to remove SucyLocker Ransomware

The dangerous SucyLocker Ransomware is capable of disabling the Task Manager, which is something that might cause problems if you decide that you want to eliminate this threat manually because you need to terminate a malicious process before you can erase the launcher of the ransomware. If you follow the instructions below, you will learn how to erase the threat manually. All in all, it is not your only option. It is much better if you installed a legitimate anti-malware tool because it does not stop working once it deletes SucyLocker Ransomware, which, by the way, it can do most efficiently and reliably. Once the anti-malware tool is done eliminating malware, it can ensure reliable, full-time protection, and that is exactly what you need if you want to protect yourself against much more dangerous and aggressive infections.

Removal Instructions

  1. Launch RUN by tapping keys Win+R.
  2. Enter gpedit.msc and click OK to access the Local Group Policy Editor.
  3. Move to User Configuration and click Administrative Templates.
  4. Now, double-click System and then Ctrl+Alt+Del Options.
  5. Once the Task Manager is enabled, tap Ctrl+Shift+Esc to launch it.
  6. Click the Processes tab and identify the malicious {random name} process.
  7. Right-click it and choose Open File Location.
  8. Return to the Task Manager, select the process, and click End Process.
  9. Go to the location of the malicious file, then right-click it, and choose Delete.
  10. Delete any other suspicious files that you have downloaded recently.
  11. Delete the ransom note file called READ_IT.txt.
  12. Empty Recycle Bin and then inspect your PC for leftovers using a legitimate malware scanner. 100% FREE spyware scan and
    tested removal of SucyLocker Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *