‘.surprise File Extension’ Ransomware

Posted: March 14, 2016
Threat Metric
Threat Level: 8/10
Infected PCs: 91

‘.surprise File Extension’ Ransomware Description

The '.surprise File Extension' Ransomware is a file encryption Trojan that attacks your data in hopes of forcing you to pay a ransom fee. These ransoms have no supporting legal authority, and there is no guarantee that the con artists will reverse their attack after payment; malware researchers don't encourage paying them. Most anti-malware products should be capable of identifying typical file encryptors, and other data recovery strategies can be put into play after you delete the '.surprise File Extension' Ransomware.

A not so Pleasant Surprise for Your File System

Although the new year has brought some surprises for malware researchers, other elements of threat campaigns remain very traditional, based on derivatives of tried-and-true Trojan design. March has seen the emergence of another Trojan based on old file encrypting attacks: the '.surprise File Extension' Ransomware. For the victim, the most noticeable changes are the new name of the extension it applies to files and a new ransom instruction, although the '.surprise File Extension' Ransomware's main attacks are still as capable as those of past file encryptors.

The '.surprise File Extension' Ransomware's body, the 'surprise.exe' executable file, uses one form of encryption to keep itself from being identified. It includes a corresponding loader that decrypts its base64 string before launching the Trojan. Once the payload is complete, the '.surprise File Extension' Ransomware uses another encryption technique against file data on the compromised PC, making the files unreadable and adding the '.surprise' file extension to their names. Unsurprisingly, this visible change of extension has no relationship with any real file format conversion.

The '.surprise File Extension' Ransomware finishes its attack by dropping two Notepad files on your hard drive. The texts include instructions for purchasing a decryption service from the fraudsters administering the '.surprise File Extension' Ransomware through Bitcoin (a preferred currency for illicit activities in general, and especially ransomware campaigns). Unlike the campaigns of past file encryptors, malware researchers note that the '.surprise File Extension' Ransomware's con artists are open to haggling, and may ask for a ransom fee ranging from 200 to 10,000 USD in value.

Packing a Surprise Trojan Back in Its Box

Some versions of the '.surprise File Extension' Ransomware may make use of file archives, such as .ZIP bundles, for protecting themselves from detection by various security tools. Nevertheless, malware researchers have found that many major brands of anti-malware software can identify the '.surprise File Extension' Ransomware, albeit often by heuristic titles, such as Gen:Variant.MSILPerseus.14499 or Gen:Variant.Barys.51812. Installers may distribute themselves through e-mail attachments, corrupted websites or pirated downloads.

If your PC is compromised by the '.surprise File Extension' Ransomware before the threat is detected, act under the assumption that third parties may have backdoor access to your system. Remove the '.surprise File Extension' Ransomware with the anti-malware software of your choosing, and change any passwords that could be used to access your accounts.

Recovering any lost information or files can be attempted after uninstalling the '.surprise File Extension' Ransomware. While paying ransom fees to con artists offers only a slim chance of getting any data restored, malware researchers find that you can achieve better odds against file encryptors by using public domain decryptor tools and sensible backups.
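For the recovery step above, it helps to know which files were hit and when encryption began, so that a backup from before that time can be chosen. The following Python sketch is an added example, not part of the original write-up or any vendor tool; the function names and the 7.0 bits-per-byte entropy threshold are assumptions.

```python
import math
import os
from collections import Counter
from datetime import datetime, timezone

MARKER = ".surprise"      # extension the write-up says is added to encrypted files
ENTROPY_THRESHOLD = 7.0   # assumption: bits/byte at or above this suggests ciphertext


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample; encrypted data approaches 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def inventory(root: str, sample_size: int = 65536) -> dict:
    """Walk root and summarise files that carry the appended marker extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
                with open(path, "rb") as fh:
                    sample = fh.read(sample_size)
            except OSError:
                continue  # locked or unreadable file: skip it, keep sweeping
            original = name[: -len(MARKER)]
            hits.append({
                "path": path,
                "original_name": original,
                "original_ext": os.path.splitext(original)[1].lower(),
                "mtime": mtime,
                "likely_encrypted": shannon_entropy(sample) >= ENTROPY_THRESHOLD,
            })
    first = min((h["mtime"] for h in hits), default=None)
    return {
        "count": len(hits),
        "by_original_ext": dict(Counter(h["original_ext"] for h in hits)),
        # Low-entropy hits may have been renamed without being encrypted.
        "renamed_only": [h["path"] for h in hits if not h["likely_encrypted"]],
        "first_seen_utc": None if first is None
        else datetime.fromtimestamp(first, timezone.utc).isoformat(),
        "files": hits,
    }
```

Files listed under `renamed_only` are worth opening after stripping the extension, while `first_seen_utc` gives a lower bound for selecting a restore point; already-compressed formats can score high entropy even when untouched, so treat the flag as a hint.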
