SuperB Decrypter: How to Remove Ransomware + Restore Files


This article aims to help you by showing how to remove the SuperB Decrypter ransomware virus and how to restore files encrypted by it.

A ransomware infection calling itself SuperB has been detected by malware researchers. The virus encrypts the files on the computers it infects so that they can no longer be opened. Shortly after this, it drops a ransom note advertising a Tor-based web page with instructions on how to pay $300 worth of Bitcoin. If your computer has been infected by this virus, we strongly suggest reading the following article thoroughly.

Threat Summary

Type: Ransomware, Cryptovirus
Short Description: Encrypts the files on the computers infected by it, after which it drops a ransom note demanding payment for their decryption.
Symptoms: Files are no longer openable. The ransom note on the image above is displayed.
Distribution Method: Spam Emails, Email Attachments, Executable files
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

How Does SuperB Ransomware Infect

The infection process of SuperB ransomware looks simple, but it relies on many different programming tools, ranging from obfuscators to functions written for its various activities. The infection is conducted via a malicious file, which is most often sent to potential victims in spam messages. The cyber-crooks attach the file to an e-mail whose message describes the attachment as a legitimate invoice, receipt or other important document. Most inexperienced victims fall for the trick and open the file.

As soon as the malicious file of SuperB ransomware is opened, it acts stealthily, without being detected, and drops its payload on the infected computer.

SuperB Ransomware Activity

The payload of SuperB ransomware consists of one main file encryption object. In addition to it, several support files may also be dropped to ensure that the encryption process is uninterrupted, and several aspects of Windows are modified before the actual encryption takes place. All of the malicious files are usually located in the common Windows program folders, like:

  • %AppData%
  • %Temp%
  • %Common%
  • %Roaming%
  • %Local%
  • %LocalLow%

After dropping the files, the SuperB virus may be engaged in various malicious activities on your computer such as:

  • Deleting the shadow volume copies via administrative commands in Windows Command Prompt.
  • Adding registry values with the location of the encryption file in the Run and RunOnce registry sub-keys.
  • Collecting different system information from the user’s computer.
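
The first two activities above leave traces a responder can check. The following is an added example, not taken from the original article or from the malware: a Python script that flags Run/RunOnce values pointing into user-writable folders and command lines that delete shadow copies. The registry output and command lines are constructed samples, and the command names matched (vssadmin, wmic) are assumptions, since the article does not name the commands used.

```python
import re

# Constructed sample in the style of `reg query` output for the autorun keys.
REG_QUERY_SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    C:\Users\alice\AppData\Roaming\svch0st.exe
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    cleanup    REG_SZ    "C:\Users\alice\AppData\Local\Temp\a1b2.exe" /q
"""

# Constructed sample of command lines as recorded in process-creation logs.
CMDLINE_SAMPLE = [
    r"C:\Windows\System32\cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet",
    r"C:\Windows\System32\vssadmin.exe list shadows",
    r"wmic shadowcopy delete",
    r"C:\Windows\explorer.exe",
]

RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)$", re.I)
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.+)$")
# Path fragments for the folders the article lists (AppData, Roaming, Local, LocalLow, Temp).
USER_WRITABLE = re.compile(
    r"\\AppData\\(Roaming|Local|LocalLow)\\|\\Temp\\|%(AppData|LocalAppData|Temp)%", re.I)
# Assumed command names; the article only says "administrative commands".
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)

def suspicious_autoruns(reg_output):
    """Return (key, value name, data) for autorun values in user-writable folders."""
    hits, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            # Only track values that sit directly under a Run or RunOnce key.
            key = line.strip() if RUN_KEY.search(line.strip()) else None
        elif key:
            m = VALUE_LINE.match(line)
            if m and USER_WRITABLE.search(m["data"]):
                hits.append((key, m["name"], m["data"]))
    return hits

def shadow_copy_deletions(cmdlines):
    """Return the command lines that delete volume shadow copies."""
    return [c for c in cmdlines if SHADOW_DELETE.search(c)]

if __name__ == "__main__":
    for hit in suspicious_autoruns(REG_QUERY_SAMPLE):
        print("autorun:", hit)
    for cmd in shadow_copy_deletions(CMDLINE_SAMPLE):
        print("shadow copy deletion:", cmd)
```

Hits are leads for review rather than verdicts, because legitimate software also starts from AppData.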

The Encryption of SuperB Ransomware

The encryption of SuperB ransomware is designed to target the most commonly used types of files. But the virus is also designed so that it skips important Windows files during the encryption, such as:

  • System files.
  • Drivers.
  • Files related to task scheduling and the registry editor.

Other than that, if your computer is infected by SuperB ransomware, you can be sure that the following types of files will no longer be accessible:

  • Archives.
  • Documents.
  • Videos.
  • Audio files.
  • Virtual drive files.
  • Files related to frequently used programs (Adobe Reader, Photoshop, etc.)

After encrypting the important files, SuperB drops the following ransom note, asking victims to pay $300 to get them back:

Text from ransom note:

“Welcome to the ransom page!
To get the decryption software and the private key for every single infected computer in your network please follow the on-screen instructions on how to buy and send the Bitcoin’s:
1. Please register a Bitcoin wallet. Here are the options: – Blockchain Online Wallet (the easiest way) – Other options (for advanced users) – Send via Bitcoin exchanger directly to the ransom wallet.
2. To buy the Bitcoins please use either of options below:
– – – –
Buy Bitcoins with Western Union and several alternative methods. Western Union, Cash, Bank Wire, etc. Recommended for fast, simple service. Western Union, Bank of America, Cash by FedEx, Moneygram, Money Order. In
NYC: Bitcoin ATM, in person. – Service allows you to search for people in your community willing to sell Bitcoins to you directly. – Buy Bitcoins with VISA/MASTERCARD or wire transfer. – The best for Europe. – Buy Bitcoins instantly for cash. – An international directory of Bitcoin exchanges. – Bitcoin for cash. – CoinJar allows direct Bitcoin purchases on their site. – –”

Remove SuperB Ransomware and Restore Your Encrypted Files

Before beginning the removal process of this virus, it is recommended to back up your encrypted files.

Then, for the removal, you should follow the instructions below. They are created to help you remove the SuperB virus either manually or automatically. Since the SuperB virus creates multiple objects, the removal of which may be tricky, security experts recommend using an advanced anti-malware program to help you remove this virus automatically and protect your computer in the future as well.

In addition to this, if you want to restore your files, you can try the alternative tools for file recovery we have suggested below in step “2. Restore files encrypted by SuperB ransomware”. They are not a 100% guarantee that you will recover all of your files, but they will help restore as many files as possible without paying the ransom.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
