Suri Ransomware

Suri Ransomware can encrypt all types of files, but according to our researchers who tested this malware, it targets only the data that is in the Desktop directory and its subfolders. Meaning, other data placed in different locations should not be harmed. Therefore, we do not think it is worth paying a ransom for decryption tools and by doing so risking your savings. The hackers may not necessarily keep up with their promises, and in the end, the invested money could be lost in vain. If you do not want to risk being tricked and have no intentions to fund the cybercriminals behind Suri Ransomware, we encourage you not to pay any attention to the ransom note it shows and remove it at once. The instructions available a bit below this report will guide you through the process, although if you do not think you can eliminate the malicious application manually, you could install a reliable antimalware tool instead.

No doubt, users who encounter such threats for the first time wonder how they managed to get in. The truth is malware like Suri Ransomware usually infects the system with the help of its user. Of course, in most cases, the victim does not realize he is about to launch an infection. As you see, some hackers distribute installers of their malicious applications via Spam emails or untrustworthy file-sharing web pages. This is why, we would recommend being more cautious with emails from people you do not know, especially if the data they send you is not something you were expecting to receive. Plus, it would be best not to visit torrent or other unreliable file-sharing websites as their offered installers could be bundled with such infections or other threats. Having a reliable antimalware tool that could protect the computer in case of an emergency would be a good idea as well, so if you have not acquired such a tool yet, we would advise doing so if you want to guard your system.

What’s more, it looks like Suri Ransomware was based on open source ransomware known as Hidden Tear. Same as the mentioned software it uses AES encryption algorithm to encrypt the targeted data. To our knowledge, the malware can encipher any file as long as it is located either in the Desktop folder or its subfolders. Thus, provided the victim does not have a lot of important data placed on his Desktop, the damage received should be minimum. Also, our researchers say the malicious application should start the encryption process as soon as it settles in and once it is done all encrypted file should have an additional extension called .SLAV. Next, Suri Ransomware is supposed to show a window with a ransom note. It says the user can get his files back if he pays 100 euros in Bitcoins. Besides, the note might warn users not to kill the malware’s process, which happens if the user closes the infection’s window. We can confirm closing the malicious application’s window might crash the system and so recommend against it.

If you do not like the idea of having to pay for hackers who ruined your files, you should not do so. After all, the malware encrypts only the data located on the Desktop folder, and if you have backup copies anywhere else, you can replace encrypted files with them. It seems to us the safest option after encountering Suri Ransomware is to erase it. Users who prefer dealing with the threat manually should know it might not be an easy task.

Deleting the malware’s data is possible only if you kill the threat’s process, but as we explained earlier, it might crash the system. As a result, a reboot into Safe Mode is needed, and the task might require some patience. Nonetheless, if you think you are up to it, you could slide below the article and follow the provided steps. Another way to get rid of Suri Ransomware is to download a reliable antimalware tool, let it do a full system scan, and then click the given removal button.

Restart the computer in Safe Mode

Windows 8/Windows 10

1. Tap Win+I for Windows 8 or open Start menu for Windows 10.
2. Press the Power button.
3. Click and hold Shift then click Restart.
4. Pick Troubleshoot and choose Advanced Options.
5. Go to Startup Settings and click Restart.
6. Press F5 and restart the PC.

Windows XP/Windows Vista/Windows 7

1. Navigate to Start, select Shutdown options and pick Restart.
2. Press and hold F8 when the PC starts restarting.
3. Mark Safe Mode with Networking.
4. Select Enter and log on.

Get rid of Suri Ransomware

1. Click Win+E.
2. Find these locations:
   %TEMP%
   %USERPROFILE%\desktop
   %USERPROFILE%\downloads
3. Look for the malware’s installer (suspicious recently downloaded file), then right-click it and press Delete.
4. Search for this location %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
5. Find a malicious executable file, for example, 03capx2x.exe.
6. Right-click the suspicious executable file and press Delete.
7. Go to %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
8. Find a file named SuriProtector.exe, right-click it and select Delete.
9. Remove image named back.jpeg from Desktop.
10. Exit File Explorer.
11. Empty Recycle bin.
12. Restart the system.