An executable associated with a new type of lockscreen ransomware, named SureRansom, has been detected in the wild. The executable aims to perform multiple modifications on the victim's computer, including locking its screen. But this is not all the damage it does: it also immediately locks the victim out of the affected system and demands that approximately 50 GBP be paid to the cyber-criminals. It is not clear whether the virus has begun infecting users, since it may still be in the development stage, but it may also encrypt files with the AES-256 cipher in addition to the lockscreen it adds. To remove SureRansom ransomware, make sure to follow our removal instructions.
|Short Description|Locks the screen of the affected computer, displaying a message that aims to extort the victim into paying a hefty ransom.|
|Symptoms|The user may notice a suspicious .exe process running in Task Manager; several seconds later, the screen locks up.|
|Data Recovery Tool|Windows Data Recovery by Stellar Phoenix. Notice: this product scans your drive sectors to recover lost files, and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.|
SureRansom Virus – How Does It Infect
If SureRansom is released, its operators may rely on a set of tools to cause infections, such as the following:
- Spam bots to help spam messages on social media and other online locations.
- E-mail spamming kits which include multiple e-mails that are used one time only for the spam campaign and then dumped.
- Spamming software or services.
- Malware obfuscators that hide executable files from different e-mail protection software.
- Malicious macros embedded in documents that cause infection when the user clicks on “Enable Content” or other buttons that enable macros on those documents.
In addition to this, the cyber-criminals may also have a wide database of deceptive e-mails which are the key to a successful infection. E-mails may contain convincing statements that aim to trick the user into opening the malicious attachment, for example an invoice of a non-existent purchase or suspicious activity on a bank account.
SureRansom Virus – More Information
When the suspicious .exe file of SureRansom is opened on the user's PC, it runs as a process visible in Windows Task Manager. After several seconds, the malicious executable begins to perform several different activities on the compromised computer, which result in the screen being locked immediately and the ransomware's lockscreen being displayed.
The lockscreen not only performs several different activities, but its message also claims that the files on the compromised computer are encrypted using an AES-256 cipher. So far, this claim has not been confirmed, which leaves removing the lockscreen as the only task. The lockscreen also leads to a payment page, which asks the victim to decide whether or not to pay the ransom.
Remove SureRansom Ransomware and Unlock Your Screen
Whatever the case with SureRansom may be, if you are already infected by it, do not panic and DO NOT pay any ransom. This threat is removable, and you may be able to unlock your files. But first you will need to remove all the registry objects and other types of files associated with SureRansom from your computer. To do this, we advise you to follow our removal instructions below. They will help you secure your PC in Safe Mode and perform the removal process. For maximum effectiveness, malware analysts always advise using an advanced anti-malware program, which will help you automatically remove any files created by SureRansom on your computer, as well as other objects and changed settings.
In addition to this, it is highly recommended to focus on several different methods to restore your files in case SureRansom has actually encrypted them, which is not as likely. We have mentioned some of those methods in the instructions below, just in case.