SuddenTax Ransomware Removal Guide

Do you know what SuddenTax Ransomware is?

Even though SuddenTax Ransomware has been given another name, this infection shares similarities with Globeimposter Ransomware (e.g. they drop similar ransom notes), another ransomware-type infection analyzed by our experienced researchers some time ago. As research conducted by our specialists has clearly shown, it has also been released by malicious software developers for money extortion. You will see this for yourself if you ever encounter this threat: it will demand money from you. Cyber criminals know well that it is not so easy to obtain money from people, so they have set SuddenTax Ransomware to lock files on victims’ computers. Ransomware infections usually lock the most valuable files, and it seems that SuddenTax Ransomware is no exception because its entrance will cost you pictures, documents, music, videos, and other important files. If this has already happened, delete this malicious application from your computer right away so that it does not get a chance to lock more files. This threat is one of those ransomware infections that can start working on system startup because of the Value it creates in the system registry, so rebooting your computer will not disable it. Continue reading to find out what you need to do to erase SuddenTax Ransomware fully from the system.

SuddenTax Ransomware is a nasty file-encrypting infection, as you most probably already know if you have been reading this article from the beginning. It locks almost all files it manages to find on victims’ computers, except for files located in the %WINDIR% folder, which contains components that are necessary for the Windows OS to work properly. Files affected by SuddenTax Ransomware get the .suddentax extension appended, so it usually does not take long for users to find out about the successful entrance of the ransomware infection. There are hundreds of ransomware-type infections that encrypt files in order to help cyber criminals obtain money from users, but we can assure you that you have encountered SuddenTax Ransomware if you can also locate the same .html file (how_to_back_files.html) in all directories that contain files that can no longer be accessed. You will see a message if you open this file. It will tell you that “all your important data has been encrypted.” Also, you will be asked to pay 2 BTC in exchange for decrypted files. It is possible that SuddenTax Ransomware targets companies primarily because the words “business network” are mentioned in the ransom note it drops. 2 BTC is a huge amount of money (it was 21 170 USD at the time of writing), so transferring money to crooks is definitely not what we recommend for the victims of SuddenTax Ransomware. If you are one of them, erase the ransomware infection fully from your computer right away. Once this threat leaves your system, all files could be restored from a backup. Sadly, there were no other ways to restore files for free at the time of analysis because this malicious application uses a strong encryption algorithm (RSA) to encrypt victims’ files.

Since you already know how SuddenTax Ransomware operates, let’s talk about its distribution. It is not a prevalent malicious application, so there is not much information about its distribution available, but our specialists who analyze malicious applications say that it should be spread like similar threats. That is, it should be promoted via malicious emails. When users open attachments these emails hold, they immediately allow malicious software to enter their computers. Once SuddenTax Ransomware is launched, it copies itself to %LOCALAPPDATA%. Then, it creates the so-called point of execution (PoE) in the system registry. Specifically speaking, it creates an entry in HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce. It is not very sophisticated malware, but it will surely be harder to delete it due to these modifications it makes.

SuddenTax Ransomware must be removed as soon as possible if it turns out that it has entered your system and locked your files. Its removal might be a bit complicated because it makes a copy of itself and creates its own Value in the system registry, but, with our help, you should manage to erase it yourself. If you are not so sure that you can remove malware from the system manually, use an antimalware scanner instead. You will need to acquire a legitimate tool first.

How to remove SuddenTax Ransomware

  1. Tap Win+R.
  2. Type regedit.exe in the command line and press Enter on your keyboard.
  3. Move to HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce.
  4. Locate the BrowserUpdateCheck Value, right-click it, and select Delete.
  5. Close Registry Editor.
  6. Press Win+R again and type %LOCALAPPDATA%.
  7. Click OK.
  8. Find a copy of the ransomware infection and then remove it (it might have a random name).
  9. Delete the malicious file you have launched.
  10. Empty Trash.
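
The same indicators can be checked from PowerShell before you start deleting anything. The script below is an added example, not part of the original guide: it is read-only unless run with -Remove, and the $ScanRoot parameter and the *.exe filter on %LOCALAPPDATA% are assumptions made for illustration.

```powershell
# Added triage example (not from the original guide). Read-only by default;
# pass -Remove to delete the registry value after reviewing the output.
param(
    [string]$ScanRoot = $env:USERPROFILE,   # assumption: where to look for locked files
    [switch]$Remove
)

$runOnce   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$valueName = 'BrowserUpdateCheck'           # value name given in the guide

# 1. Persistence: does the RunOnce value exist, and what does it launch?
$entry = Get-ItemProperty -Path $runOnce -Name $valueName -ErrorAction SilentlyContinue
if ($entry) {
    Write-Output "RunOnce value found: $valueName -> $($entry.$valueName)"
    if ($Remove) {
        Remove-ItemProperty -Path $runOnce -Name $valueName
        Write-Output "RunOnce value removed."
    }
} else {
    Write-Output "RunOnce value '$valueName' not present."
}

# 2. Dropped copy: files sitting directly in %LOCALAPPDATA% (the name may be random).
#    Assumption: the copy is an .exe; the hash is shown so it can be looked up.
Get-ChildItem -Path $env:LOCALAPPDATA -Filter *.exe -File -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, CreationTime,
        @{ Name = 'SHA256'; Expression = { (Get-FileHash $_.FullName -Algorithm SHA256).Hash } } |
    Format-List

# 3. Impact: count .suddentax files and ransom notes per directory.
Get-ChildItem -Path $ScanRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.suddentax' -or $_.Name -eq 'how_to_back_files.html' } |
    Group-Object DirectoryName |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

The path printed for the RunOnce value shows which file in %LOCALAPPDATA% the entry launches, which helps identify the randomly named copy in step 8.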

In non-techie terms:

If SuddenTax Ransomware ever infiltrates your computer, you will discover a bunch of files locked on your system. Just like other infections that are categorized as ransomware, it locks files on victims’ computers to push them into paying money to cyber criminals. Of course, you should not do that even if you have discovered the most important files encrypted because the chances are high that you would not be given the decryption tool. No matter what kind of malware you encounter, do not give a cent to its developer and erase it from the system right away.