A ransomware infection calling itself SuperB has been detected by malware researchers. The virus encrypts the files on infected computers so that they can no longer be opened. Shortly afterwards, it drops a ransom note advertising a Tor-based web page with instructions on how to pay $300 worth of Bitcoin. If your computer has been infected by this virus, we strongly suggest reading the following article thoroughly.
|Short Description|Encrypts the files on infected computers, then drops a ransom note demanding payment for their decryption.|
|Symptoms|Files can no longer be opened. The ransom note on the image above is displayed.|
|Distribution Method|Spam emails, email attachments, executable files|
|Data Recovery Tool|Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files. It may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.|
How Does SuperB Ransomware Infect
The infection process of SuperB ransomware looks simple, but it relies on many different programming tools, from obfuscators to functions programmed for its various activities. The infection is delivered via a malicious file, most often sent to potential victims in spam messages. The cyber-crooks attach the file to an e-mail whose message describes the attachment as a legitimate invoice, receipt or other important document. Most inexperienced victims are lured by the trick and open the file.
As soon as the malicious file of SuperB ransomware is opened, it runs stealthily, without being detected, and drops its payload on the infected computer.
SuperB Ransomware Activity
The payload of SuperB ransomware consists of one main file encryption object. In addition, several support files may be dropped to ensure that the encryption process is uninterrupted, and several aspects of Windows are modified before the actual encryption takes place. All of the malicious files are usually located in the common Windows program folders, like:
After dropping the files, the SuperB virus may be engaged in various malicious activities on your computer such as:
- Deleting the shadow volume copies via administrative commands in Windows Command Prompt.
- Adding registry values with the location of the encryption file in the Run and RunOnce registry sub-keys.
- Collecting different system information from the user’s computer.
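For defenders, the first two activities above can be checked for in endpoint telemetry. The following is an added example, not code from the original article or from any SuperB sample: it triages process-creation and registry events for shadow copy deletion and for Run/RunOnce values that point into user-writable folders. The event field names, the command patterns (the standard vssadmin and wmic utilities) and the list of writable folders are assumptions, and the sample events are constructed.

```python
import re

# Command-line patterns for shadow copy deletion. The article names no exact
# command; these are the standard Windows utilities (assumption).
SHADOW_DELETE = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
]
# Run and RunOnce sub-keys under any hive (HKLM, HKCU, or HKU\<SID>).
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# User-writable locations an autorun entry rarely needs to point at
# (assumption, not a list taken from the article).
WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)

def triage(events):
    """Return (event_index, reason) findings for a list of event dicts."""
    findings = []
    for i, ev in enumerate(events):
        if ev["type"] == "process_create":
            if any(p.search(ev["command_line"]) for p in SHADOW_DELETE):
                findings.append((i, "shadow-copy-deletion"))
        elif ev["type"] == "registry_set":
            # Flag only autorun values whose target sits in a writable folder.
            if RUN_KEY.search(ev["key"]) and WRITABLE.search(ev["value"]):
                findings.append((i, "autorun-from-writable-path"))
    return findings

# Constructed sample events (not taken from a real SuperB infection).
SAMPLE_EVENTS = [
    {"type": "process_create",
     "command_line": r"C:\Windows\System32\cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet"},
    {"type": "process_create",
     "command_line": r"C:\Windows\System32\vssadmin.exe list shadows"},
    {"type": "registry_set",
     "key": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\RunOnce\updater",
     "value": r"C:\Users\alice\AppData\Roaming\sample.exe"},
    {"type": "registry_set",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "value": r"C:\Windows\System32\SecurityHealthSystray.exe"},
]

if __name__ == "__main__":
    for idx, reason in triage(SAMPLE_EVENTS):
        print(idx, reason)
```

Listing shadow copies and autorun entries that point into system folders are left unflagged, which keeps routine administration out of the findings.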
The Encryption of SuperB Ransomware
The encryption of SuperB ransomware is designed to target the most commonly used types of files. But the virus is also designed so that it skips important Windows files during the encryption, such as:
- System files.
- Files related to task scheduling and the registry editor.
Apart from that, if your computer is infected by SuperB ransomware, you can be sure that the following types of files will no longer be accessible:
- Audio files.
- Virtual drive files.
- Files related to frequently used programs (Adobe Reader, Photoshop, etc.)
After encrypting the important files, SuperB drops the following ransom note, asking victims to pay $300 to get them back:
Text from ransom note:
“Welcome to the ransom page!
To get the decryption software and the private key for every single infected computer in your network please follow the on-screen instructions on how to buy and send the Bitcoin’s:
1. Please register a Bitcoin wallet. Here are the options:
– Blockchain Online Wallet (the easiest way)
– Other options (for advanced users)
– Send via Bitcoin exchanger directly to the ransom wallet.
2. To buy the Bitcoins please use either of options below:
– localBitcoins.com
– btc-e.com
– coincafe.com
– coinbase.com
Buy Bitcoins with Western Union and several alternative methods. Western Union, Cash, Bank Wire, etc. Recommended for fast, simple service. Western Union, Bank of America, Cash by FedEx, Moneygram, Money Order. In NYC: Bitcoin ATM, in person.
– localBitcoins.com Service allows you to search for people in your community willing to sell Bitcoins to you directly.
– cex.io Buy Bitcoins with VISA/MASTERCARD or wire transfer.
– btcdirect.eu The best for Europe.
– bitquick.co Buy Bitcoins instantly for cash.
– howtobuyBitcoins.info An international directory of Bitcoin exchanges.
– cashintocoins.com Bitcoin for cash.
– coinjar.com CoinJar allows direct Bitcoin purchases on their site.
– anxpro.com
– bittylicious.com”
Remove SuperB Ransomware and Restore Your Encrypted Files
Before beginning the removal process of this virus, it is recommended to back up your encrypted files.
Then, for the removal, you should follow the instructions below. They are created to help you remove the SuperB virus either manually or automatically. Since the SuperB virus creates multiple objects, the removal of which may be tricky, security experts recommend using an advanced anti-malware program to help you remove this virus automatically and protect your computer in the future as well.
In addition to this, if you want to restore your files, you can try the alternative tools for file recovery we have suggested below in step “2. Restore files encrypted by SuperB ransomware”. They are not a 100% guarantee that you will recover all of your files, but they will help restore as many files as possible without paying the ransom.