- Slow Computer
- System crashes
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
It is possible that SYSDOWN Ransomware was created to infect one or a few particular computers, as it was uploaded to Discord, which is a chat service. Nonetheless, since the malicious application is still available through a specific Discord website, it is entirely possible someone could distribute it to more users. Therefore, to let our readers know about this malware, we have prepared this report. If you continue reading it, you will learn how SYSDOWN Ransomware works and what damage it might do after entering the system. What’s more, in case some users encounter this threat, our researchers have prepared step-by-step deletion instructions showing how to eliminate the malicious application manually. As always, users who would like to know anything else about the malware or its deletion can leave a comment below.
As we said above, the malicious application was uploaded to one of the popular chat service’s web pages, but to ensure no one infects their system accidentally, we will not mention this web page here. Unfortunately, if launched, SYSDOWN Ransomware starts encrypting files located in the %USERPROFILE% directory and its subfolders right away. This means it does not need to create any data or, in other words, settle in on the infected device. Besides the mentioned directories, there is a possibility the malware could encrypt data in different locations as well, for example, other hard drives attached to the computer. The user should be able to recognize encrypted files easily, since the malicious application is supposed to mark each locked file with the .SysDown extension; for example, a file called mountains.jpg would become mountains.jpg.SysDown.
According to our researchers, the malware can encipher not only personal data like photographs, pictures, videos, music files, text documents, archives, and so on, but also executable files. This means SYSDOWN Ransomware might encrypt data belonging to some of the user’s programs. Naturally, such programs should immediately crash during the encryption process, and the user would be unable to relaunch them. As a result, the victim would have to reinstall all damaged software. It is more complicated with personal files because they can be restored only if the user has backup copies, which could then replace the locked files. This is why we always recommend making copies of at least the most important documents and other files from time to time.
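To gauge the damage described above, the following added example (not code from this report or from the malware) walks a directory tree, finds files carrying the .SysDown marker, and sorts them into programs to reinstall and personal files to restore from backup. The function names, the PROGRAM_EXTS list and the sample file tree are assumptions made for illustration; the script only reads file names and changes nothing.

```python
import os
from collections import defaultdict

MARKER = ".SysDown"  # extension the report says is appended to locked files
# Assumption: original extensions treated as program files (list not from the report).
PROGRAM_EXTS = {".exe", ".dll", ".msi", ".sys", ".bat", ".cmd"}


def inventory(root):
    """Group locked files under root by the recovery path the report describes."""
    report = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Windows file names are case-insensitive, so ignore case here.
            if not name.lower().endswith(MARKER.lower()):
                continue
            original = name[: -len(MARKER)]  # mountains.jpg.SysDown -> mountains.jpg
            ext = os.path.splitext(original)[1].lower()
            kind = "reinstall_software" if ext in PROGRAM_EXTS else "restore_from_backup"
            report[kind].append(os.path.join(dirpath, original))
    return {kind: sorted(paths) for kind, paths in report.items()}


def build_sample_tree(base):
    """Constructed sample data: empty files named the way the report describes."""
    for rel in ("Pictures/mountains.jpg.SysDown", "Documents/notes.txt",
                "AppData/Tool/tool.exe.SysDown", "Documents/report.docx.SYSDOWN"):
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return base


if __name__ == "__main__":
    # Default to the user profile, the directory the report says is encrypted first.
    root = os.environ.get("USERPROFILE") or os.path.expanduser("~")
    for kind, paths in inventory(root).items():
        print(f"{kind}: {len(paths)} file(s)")
        for p in paths:
            print("  ", p)
```

The printed paths are the original file names, so the list can be checked directly against a backup; other attached drives can be inventoried by passing their root to `inventory()`.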
Furthermore, SYSDOWN Ransomware not only does not create new files or folders to settle in on the infected device, but it also does not generate any ransom notes. Instead, the malicious application should show a small window called SYSDOWN, on which the user should see the following message written in red letters: “SYSDOWN Pwned by the SYSDOWN virus!” What’s more, below the quoted message there should be an ID number made of random characters, although there is no knowing what the victim is supposed to do with it, since the described window does not explain what to do to decrypt damaged files. Usually, such threats’ creators ask for payment in Bitcoins and promise to send a decryption tool in return. However, this is not a typical situation, as the hackers behind SYSDOWN Ransomware could be seeking not to extort money, but simply to damage someone’s data.
In any case, paying the ransom is not something we would recommend even if there were such an option. It might seem like an easy way to get your data back, but there are always cases when hackers trick users by taking their money and not providing the promised decryption tools. Consequently, it is more advisable to look for other recovery options and to remove the malware. Our researchers say that to delete SYSDOWN Ransomware, one needs to find the malicious file launched before the system got infected and erase it. The instructions located below will show where such a file might be located and how to get rid of it. An easier option could be installing a reliable antimalware tool, as this way one could simply perform a full system scan and then remove the detected threats by clicking a provided deletion button.
Eliminate SYSDOWN Ransomware