
SYSDOWN Ransomware

Posted: January 3, 2018

Threat Metric

Threat Level: 8/10
Infected PCs: 23
First Seen: April 10, 2023
OS(es) Affected: Windows

The SYSDOWN Ransomware is a file-locking Trojan that blocks media by encrypting it and displays a simple pop-up alert. While this Trojan is not in distribution for harmful purposes, threat actors sometimes hijack others' software code automatically, and even accidentally launching this program can damage your PC's files. Have your anti-malware products block or uninstall the SYSDOWN Ransomware when necessary, and defend your data against all similar attacks by creating backups.

A Downer for People Running Programs Carelessly

Most file-locking threats are the creations of cybercrooks who specialize in black hat programming, but some, most notoriously Hidden Tear, come into being through the efforts of well-meaning security researchers. Cybercrooks with access to such a program's underlying code can then retool it for a real campaign against corporations or recreational PC owners. While malware experts find no incidents of the new SYSDOWN Ransomware suffering from such a hijacking, users should remain alert to the potential risks of running it without protection.

The SYSDOWN Ransomware, the work of a user named 'Royal' at thepcsecuritychannel.com, uses conventional, AES-based encryption for locking the media on any computer it attacks, just as 'real' file-locking Trojans such as Hidden Tear do. Every file that it locks also displays a double extension of '.SysDown.SysDown' in its name (for instance, 'flower.jpg.SysDown.SysDown'). Documents, pictures, space-compressed archives, spreadsheets, audio, and general work databases are some of the formats most often locked by this kind of attack.
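The double-extension naming described above gives responders a simple triage check. The following Python script is an added example, not code from the Trojan or its author: it lists files carrying the '.SysDown.SysDown' marker under a directory, derives each original name, and counts hits per original file type so backup restores can be prioritized. Case-insensitive matching, the function names, and the sample file tree are assumptions made for the example.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Marker taken from the article: locked files end in '.SysDown.SysDown'.
MARKER = ".sysdown.sysdown"


def original_name(filename):
    """Return the pre-encryption name if filename carries the marker, else None.

    Matching is case-insensitive (an assumption, since Windows file systems
    ignore case); a file named only '.SysDown.SysDown' is not counted.
    """
    if len(filename) > len(MARKER) and filename.lower().endswith(MARKER):
        return filename[: -len(MARKER)]
    return None


def find_locked_files(root):
    """Walk root and return sorted (locked_path, original_path) pairs."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is not None:
                hits.append((Path(dirpath) / name, Path(dirpath) / orig))
    return sorted(hits)


def summarize_by_type(hits):
    """Count locked files per original extension, to prioritize backup restores."""
    return Counter(orig.suffix.lower() or "(none)" for _locked, orig in hits)


if __name__ == "__main__":
    # Constructed sample tree, built in a temp dir so the demo runs offline.
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("flower.jpg.SysDown.SysDown", "docs/q3.xlsx.sysdown.SYSDOWN",
                    "docs/notes.txt", "docs/SysDown.txt"):
            p = Path(tmp) / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"")
        hits = find_locked_files(tmp)
        for locked, orig in hits:
            print(f"{locked.relative_to(tmp)} -> restore as {orig.name}")
        print(dict(summarize_by_type(hits)))
```

The script only reads directory listings and never opens or modifies the files it reports.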

The highest-visibility symptom of the SYSDOWN Ransomware is its pop-up image, which appears to be buggy and displays itself twice. However, this window doesn't lock the screen by covering essential parts of the UI and, since it's not for live distribution, doesn't give any ransom note-related information for decrypting the media.

Getting Up on Your Relevant File System Defenses

The SYSDOWN Ransomware's author may not mean for this Trojan to cause any issues for regular PC users, but the possibility always remains that running the program accidentally could inflict data loss. Users should take particular care to make secure copies of the media most often subjected to file-locking Trojans' attacks, as per the above examples. 'Secure' locations can include both portable devices that are unattached at the time of an infection and some cloud storage services.

At this time, only security researchers contacting appropriate parties for samples have the SYSDOWN Ransomware's executable available to them. However, the preliminary scans by centralized AV databases demonstrate that the SYSDOWN Ransomware has a high chance of evading detection by outdated security solutions. Always keep your anti-malware programs as up-to-date as possible, and scan new files to intercept and delete the SYSDOWN Ransomware and similar threats that arrive in unexpected ways.

The 'ransom' part of the SYSDOWN Ransomware may never come to be a reality, but, as Hidden Tear shows, the future can hold surprises, even for experienced programmers and security analysts. Every opening of a new file is a gamble with your files if you're not careful enough to back them up in the first place.
