Suri Ransomware
The Suri Ransomware is an Italian-language, file-locking Trojan from the FTSCoder, or Stupid Ransomware, family. Its attacks may block your files by encrypting them, display ransom-related pop-ups, and prevent you from accessing your desktop or any other programs. Keeping backups of your work in other places can reduce any ransoming incentive from infections, and various brands of anti-malware programs can delete the Suri Ransomware from your computer securely.
Stupid (Ransomware) is as Stupid Does
FTSCoder, also referred to as the Stupid Ransomware, is a small family of file-locker Trojans whose activity pales in comparison to threats like the Jigsaw Ransomware, Hidden Tear, or most of the Ransomware-as-a-Service industry. Nevertheless, a threat actor is starting to take this resource seriously as a means of deploying a multi-country campaign for extorting money and locking files. The Suri Ransomware, although predominantly using Italian-language components, also includes some support for attacking victims outside of Italy.
As with other variants of the Stupid Ransomware, such as the Annabelle Ransomware and its derivative, the RedEye Ransomware, or last year's WhyCry Ransomware and FuckTheSystem Ransomware, the Suri Ransomware requires Windows and the .NET Framework. It uses a simple, non-secure encryption routine, which it runs inside a hidden background process, for blocking files like documents, pictures or archives. Once it finishes locking this media and adding '.SLAV' extensions to the file names, victims see the most evident symptom of the attack: a screen-blocking pop-up.
The Suri Ransomware's first pop-up promotes the threat actor's Teamspeak server as the place for negotiating the ransom and buying his decryption service. A more involved, secondary pop-up (using an advanced Web page) gives the victim more details, a decryption UI and a timer. The Suri Ransomware is set to delete itself once the timer reaches zero, although the ransom note gives its victims contradictory warnings about how much time they have left. Although the above components default to Italian, the second pop-up has a feature for changing the language.
Doing Your Part for Keeping Italy Unencrypted
Although the Suri Ransomware's threat actor is prioritizing Italians for his victims, numerous grammar issues in the ransoming messages imply that he is doing so from another country with limited familiarity with Italy. Techniques for dropping file-locking Trojans onto the victims' computers run the gamut from brute-force attacks that exploit badly-chosen passwords to e-mail spam, torrents, and even exploit kits. Abiding by Web-browsing safety standards like disabling JavaScript, patching software whenever it's relevant, and using robust passwords will eliminate many of the possible infection vectors.
In general, malware experts recommend against paying ransoms to the authors of file-locking Trojans, who often deliver a fake or buggy decryption service. In the case of the Suri Ransomware's three hundred Euro ransom, victims should be aware of free alternatives, particularly the StupidDecryptor. Backing up your work to other devices also can keep it safe from any attacks, and any qualified anti-malware software should remove the Suri Ransomware as soon as it detects its executable.
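For scoping an incident before restoring from backup or trying a decryptor, the added example below (not from the original article or any vendor tool) inventories files carrying the '.SLAV' marker and checks which ones have a clean copy in a backup. It assumes the Trojan appends the extension to the original file name and that the backup mirrors the scanned folder's layout; the function names and sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".slav"  # extension the article reports; matched case-insensitively

def find_locked(root):
    """Return sorted (locked_path, original_name) pairs for marked files under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Assumption: the marker is appended to the full original name.
            if name.lower().endswith(MARKER) and len(name) > len(MARKER):
                hits.append((Path(dirpath) / name, name[:-len(MARKER)]))
    return sorted(hits)

def summarize(hits):
    """Count affected files by their original extension."""
    return Counter(Path(orig).suffix.lower() or "(none)" for _p, orig in hits)

def restore_plan(hits, scan_root, backup_root):
    """Split hits into files with a same-path copy in the backup and files without."""
    have, missing = [], []
    for locked, orig in hits:
        rel = locked.parent.relative_to(scan_root) / orig
        (have if (Path(backup_root) / rel).is_file() else missing).append(rel.as_posix())
    return have, missing

def demo():
    """Run the triage over a constructed sample tree (no real malware output)."""
    with tempfile.TemporaryDirectory() as tmp:
        scan, backup = Path(tmp, "scan"), Path(tmp, "backup")
        for rel in ("docs/report.docx.SLAV", "docs/notes.txt", "pics/cat.jpg.slav", "pics/.SLAV"):
            p = scan / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"constructed sample")
        (backup / "docs").mkdir(parents=True)
        (backup / "docs" / "report.docx").write_bytes(b"clean copy")
        hits = find_locked(scan)
        have, missing = restore_plan(hits, scan, backup)
        return [orig for _p, orig in hits], dict(summarize(hits)), have, missing

if __name__ == "__main__":
    print(demo())
```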
Outsmarting a criminal trying to damage your files for money isn't very difficult, and takes no more than minimal attentiveness towards your backup routine and your network's security. However, it seems that threat actors are continuing to make money from those whose bad habits abet variants of 'stupid' software like the Suri Ransomware.