Suri Ransomware Removal Guide

Do you know what Suri Ransomware is?

Suri Ransomware is a file encryptor. It can be either extremely damaging or not damaging at all, depending on where you keep your files. According to our malware researchers, the infection encrypts everything in its way, but only files found on the Desktop and in folders on the Desktop. So, if your most sensitive files are located someplace else, you might get out of this mess without dealing with any lasting consequences. That being said, if important files are encrypted, they cannot be recovered because they are encrypted using a highly complex AES encryption algorithm. Since most of us keep the documents we are working on and the photos we just uploaded on the Desktop, it is possible that the malicious infection could be very successful at corrupting highly sensitive and important files. All in all, whether or not your personal files were encrypted, you must remove Suri Ransomware ASAP.

The creator of Suri Ransomware is unknown, but there is no doubt that they employed the Hidden-Tear open source code. It has been used by the developers of ShutUpAndDance Ransomware, PooleZoor Ransomware, PTP Ransomware, AndreaGalli Ransomware, and hundreds of other similar infections. Since they are built and operated by different parties, they can be distributed in different ways too. If you want to minimize your chances of encountering ransomware, as well as other types of malware, we advise staying away from spam emails, unreliable installers, bundled installers, remote access connections, ads, and random links. If you are not cautious, the infection can be installed silently, and you might not notice it until all files are encrypted. When they are, the “.SLAV” extension is added to their names, and you cannot open them. Unfortunately, there isn’t much you can do. While you can remove the extension, that will not decrypt the files. They will not be restored even after you delete Suri Ransomware.
According to our research, Suri Ransomware can create a copy of itself and add it to the startup folder (%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\) so that it runs on every startup. The name of the copy is random. Another file is created in the same folder, and it should be called “SuriProtector.exe.” This file is still a mystery, but it is possible that it was set up to ensure that users cannot kill and remove Suri Ransomware. If you try to kill it, the system crashes automatically, and that is why it is only possible to eliminate the threat via Safe Mode. Besides these two executables, the infection also creates “Back.jpeg,” which replaces your regular background image. The file displays a message in Italian that urges you to pay a ransom of 100 Euro. Should you go with it? You should not because you do not want to waste your money. Keep it and invest it in reliable anti-malware software instead.

You can follow the steps listed below if you have made up your mind and you are sure you want to delete Suri Ransomware manually. First, you must reboot to Safe Mode, or to Safe Mode with Networking if you choose to use an anti-malware program to have the infection eliminated automatically. Without question, we suggest installing the program, and not only because it can remove Suri Ransomware automatically. You need this program to keep your operating system safe in the future. If you do not take care of that, you could be facing a new major threat pretty soon.

Remove Suri Ransomware from Windows

  1. Reboot the operating system to Safe Mode.
  2. Find and delete the launcher of the ransomware, which might be placed anywhere.
  3. Access Explorer (tap Win+E keys).
  4. Enter %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ into the field at the top.
  5. Delete the copy of the ransomware (.exe file with a random name).
  6. Delete the file named SuriProtector.exe.
  7. Move to the Desktop.
  8. Delete the file named back.jpeg.
  9. Empty Recycle Bin.
  10. Install a trusted malware scanner.
  11. Run a full system scan, and if malicious leftovers exist, erase them ASAP.
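
Before deleting anything in steps 4 to 8, it helps to record what is actually there. The PowerShell below is an added example, not part of the original guide: a read-only inventory of the Startup folder executables, SuriProtector.exe, back.jpeg, and the number of .SLAV files on the Desktop. The function name Get-SuriArtifact and the output column names are hypothetical.

```powershell
# Added example: read-only inventory of the artifacts named in this guide.
# Get-SuriArtifact is a hypothetical helper name; nothing is deleted or changed.
function Get-SuriArtifact {
    [CmdletBinding()]
    param(
        [string]$StartupPath = (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'),
        [string]$DesktopPath = [Environment]::GetFolderPath('Desktop')
    )

    # Build one uniform record per finding so the output exports cleanly.
    function New-Finding([string]$Kind, [System.IO.FileInfo]$File) {
        $detail = ''
        if ($File.Extension -ieq '.exe') {
            $detail = 'Signature: ' + (Get-AuthenticodeSignature -FilePath $File.FullName).Status
        }
        [pscustomobject]@{
            Kind    = $Kind
            Path    = $File.FullName
            Created = $File.CreationTime
            SHA256  = (Get-FileHash -LiteralPath $File.FullName -Algorithm SHA256).Hash
            Detail  = $detail
        }
    }

    # Steps 4-6: every .exe in the per-user Startup folder. The ransomware copy
    # has a random name, so list all of them and review each entry by hand.
    if (Test-Path -LiteralPath $StartupPath) {
        Get-ChildItem -LiteralPath $StartupPath -Filter '*.exe' -File -Force |
            ForEach-Object {
                $kind = if ($_.Name -ieq 'SuriProtector.exe') { 'Protector' } else { 'StartupExe' }
                New-Finding $kind $_
            }
    }

    # Steps 7-8: the ransom-note wallpaper on the Desktop.
    $note = Join-Path $DesktopPath 'back.jpeg'
    if (Test-Path -LiteralPath $note) {
        New-Finding 'RansomNote' (Get-Item -LiteralPath $note -Force)
    }

    # Encrypted files are only counted; removing the extension does not decrypt them.
    $locked = @(Get-ChildItem -LiteralPath $DesktopPath -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -ieq '.SLAV' })
    [pscustomobject]@{
        Kind = 'EncryptedCount'; Path = $DesktopPath; Created = $null
        SHA256 = $null; Detail = "$($locked.Count) .SLAV file(s)"
    }
}

Get-SuriArtifact | Format-Table -AutoSize -Wrap
```

Run it from a PowerShell prompt in Safe Mode; piping the result to Export-Csv instead of Format-Table keeps the hashes and timestamps for later comparison with the malware scanner's report.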

How to reboot to Safe Mode

Windows 10/Windows 8

  1. Restart the PC and wait for the BIOS screen to load.
  2. Tap F8 continuously to access the boot options menu.
  3. Go to See advanced repair options and then to Troubleshoot.
  4. Click Advanced options, select Startup Settings, and then click Restart.
  5. Select the Safe Mode option.

Windows 7/Windows Vista/Windows XP

  1. Restart the PC and wait for the BIOS screen to load.
  2. Tap F8 continuously to access the boot options menu.
  3. Using the arrow keys, select Safe Mode and then tap Enter.

In non-techie terms:

If your Windows operating system is attacked by Suri Ransomware, the files found on the Desktop and inside Desktop folders can be encrypted permanently. Although the creator of the infection wants you to believe that your files can be recovered once you pay a ransom of 100 Euro, you need to be smart. Cyber criminals can make bogus promises just to get your money, and you do not want to be duped, do you? Unfortunately, it is most likely that your files will remain encrypted regardless of what you do. Therefore, we suggest you delete Suri Ransomware right away. Then, immediately back up the remaining files to ensure that copies are protected. Always back up new files to avoid loss.