Systemdown@india.com Ransomware

Posted by Max Lehmann on September 6, 2016

What is Systemdown@india.com Ransomware?

Systemdown@india.com Ransomware is an infection that installs itself on the system without any permission, although it does so only after you launch a malicious file. Unfortunately, the consequences are rather severe as the infection locks almost all files on the computer. According to the ransom note, users can decrypt their data if they contact the provided email address. However, it is not as easy as it could look like. Their suggested decryptor would not be free of charge. Plus, there are no guarantees that they will send the tool, and if they do not deliver it, there is no way to get your money back. Thus, before you make a rash decision we urge you to read the whole article and should you choose to erase the threat, we are adding deletion instructions below to make it easier for you.testtest

Where does Systemdown@india.com Ransomware come from?

As the research shows the infection could be spread with Spam emails. Without checking the attached file with an antimalware tool, it might be difficult to say whether it is malicious or not. That is because sometimes these files look like text documents, pictures, or other files that do not raise any suspicion. In this case, you should look for warning signs elsewhere. For instance, perhaps the file was sent by someone you are not familiar with, was classified as spam, or came unexpectedly. Threats like Systemdown@india.com Ransomware can do quite a lot of damage to the system, and to avoid it is necessary to take extra precautions, e.g. check attachments with an antimalware tool, ignore suspicious emails, etc.

How does Systemdown@india.com Ransomware work?

Systemdown@india.com Ransomware is based on CrySiS Ransomware engine, so it might be from the same family as other similar threats, e.g. Radxlove7@india.com Ransomware, Alex.vlasov@aol.com Ransomware, Vegclass@aol.com Ransomware, and other. The malicious program encrypts user’s data with a strong cryptosystem known as RSA-2048. From what our researchers at Anti-spyware-101.com have seen, the malware can lock not only your personal data but also files of third-party software.

Since it can encrypt lots of different file types, the infection should affect almost all data on the system. The only exception it makes is for data created by the Microsoft. As a result, users can still use the computer, but it is impossible to access private data or launch third-party programs. Additionally, the malware could also replace Desktop wallpaper with a picture that carries the ransom note. It instructs to write the infection’s developers via email. Our specialists say that the reply from Systemdown@india.com Ransomware’s creators should state the price for the decryption tool. Since no one can give you any assurances and there is a chance you could lose the transferred money, we advise against paying the ransom.

How to eliminate Systemdown@india.com Ransomware?

Even though we are offering manual deletion instructions below, it is important to mention that they might be too difficult for some users. Therefore, it would better to check them first and see if it is something you can handle. The removal could be rather complicated because Systemdown@india.com Ransomware’s data that needs to be erased might have random titles. In other words, we can tell you where these files are, but it is hard to say what their names could be. Nonetheless, if you cannot eliminate the threat manually, it is possible to get rid of it with a trustworthy antimalware tool. Firstly, install the tool and set it to scan the system. Then wait till it finished the task and click the deletion button.

Remove Systemdown@india.com Ransomware

  1. Press Win+E to open the Explorer.
  2. Locate and erase random executable files from the listed directories:
    %ALLUSERSPROFILE%\Start Menu\Programs\Startup
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
    %WINDIR%\Syswow64
    %WINDIR%\System32
  3. Close the Explorer.
  4. Launch the RUN by pressing Win+R.
  5. Type regedit, select OK and wait till the Registry Editor appears.
  6. Find this location HKCU\Control Panel\Desktop and look for a value name called Wallpaper.
  7. Right-click it, press Modify, replace “Decryption instructions.jpg” with another image and click OK.
  8. Navigate to this location HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers and find a value name titled as BackgroundHistoryPath0.
  9. Right-click it, select Modify, remove “Decryption instructions.jpg” and type a title of a picture you like.
  10. Find this path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  11. Search for value names that have random titles.
  12. See if their value data points to these locations:
    %WINDIR%\Syswow64\*.exe
    %WINDIR%\System32\*.exe
  13. Select these value names separately, right-click them and select Delete.
  14. Close the Explorer and empty Recycle Bin.
100% FREE spyware scan and
tested removal of Systemdown@india.com Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *