SySS Ransomware Removal Guide

Do you know what SySS Ransomware is?

SySS Ransomware is a dangerous computer infection. As a ransomware infection, it is there to encrypt your files and hold them hostage. The people behind such infections expect you to pay the ransom fee for the files that were encrypted, but you should never do that as it would only encourage the criminals to create more similar threats. Remove SySS Ransomware from your computer today, and then make sure you safeguard your data against other similar threats.

We have covered multiple ransomware programs from this group. SySS Ransomware belongs to the Dharma or Crysis Ransomware family, and as such, the program is really similar to Bitx Ransomware, Dever Ransomware, RSA Ransomware, and many other apps that can lock up our files. At the same time, it also means that SySS Ransomware doesn’t bring anything new to the table. It employs the same distribution tactics as its predecessors, and thus it must enter the target system via spam email attachments.

Rather than targeting individual users, it is far more likely that SySS Ransomware aims for small businesses because small businesses are less likely to implement the most recent security measures. The logic behind this is that small businesses might not have enough funds to invest in a data backup, and so on. Although such an assumption might be quite reasonable, it doesn’t mean that smaller companies are helpless against ransomware attacks. They just need to educate their employees about malware threats and how they can reach them. Since SySS Ransomware and other similar infections travel via spam attachments, it is important to learn how to recognize a potential infection slithering into your inbox.

Normally, the ransomware installer files look like regular Microsoft Office or PDF document files. Therefore, if your employees have to go through a ton of such files every single day, they might not notice that something is wrong with the one they have received. Nevertheless, if the email comes from a completely unknown party, or if the message in the email is urgent, one should stop and think twice. Finally, if it is hard to determine whether the message is authentic or not, it is always possible to employ a legitimate antispyware tool that would help you check whether the file is safe or not. Just scan the received file with the security tool, and you will know.

When users fail to do that, SySS Ransomware finds a way into their systems, and then it causes chaos. The program launches the file encryption that affects almost all personal files stored on the hard drive. The affected files also receive a file extension that shows your infection ID and the email address you need to use to contact the criminals. If that is not enough, the program also opens a pop-up window that says the following:

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail syspentest@aol.com
Write this ID in the title of your message [ID]
In case of no answer in 24 hours write us to theese e-mails: syspentesting@aol.com
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.

Please note how SySS Ransomware doesn’t indicate how much you need to pay for the decryption. It only emphasizes that you need to contact these people, and if you don’t do that, you will not retrieve your files.

The truth is that it might not be possible to restore your files either way. Of course, you should consult a local professional who can tell you more about the possible file recovery options. It is also possible to restore your files from a backup. But the problem with ransomware is that it often leaves vulnerable users with no other choice but to start collecting their data anew. Thus, it is important to remove SySS Ransomware immediately, but it is vital to learn to avoid such infections in the future.

How to Remove SySS Ransomware

  1. Remove the most recently downloaded files from Desktop.
  2. Delete the most recently downloaded files from the Downloads folder.
  3. Delete the FILES ENCRYPTED.txt ransom note from all affected directories.
  4. Press Win+E to open File Explorer and go to each of the following directories:
    %APPDATA%
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %WINDIR%\System32
  5. Delete the Info.hta and a random-named EXE file from the mentioned directories.
  6. Press Win+R and type regedit. Click OK.
  7. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  8. On the right, right-click the values related to the Info.hta and random EXE file and delete them.
  9. Run a full system scan with SpyHunter.
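
A read-only way to review what steps 4 to 8 would touch before deleting anything, as an added PowerShell example that is not part of the original guide. The directories, the Info.hta name and the Run key come from the steps above; the `$Days` window for "recent" EXE files and the signature column are assumptions added here.

```powershell
# Read-only audit for steps 4-8: nothing is deleted or modified.
# $Days is an assumption (how far back to look for new EXE files).
param([int]$Days = 14)

# Directories from step 4, expanded and limited to those that exist.
# Two of them can point at the same folder, so a file may be listed twice.
$dirs = @(
    '%APPDATA%',
    '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup',
    '%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup',
    '%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup',
    '%WINDIR%\System32'
) | ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) } |
    Where-Object { Test-Path -LiteralPath $_ }

# Step 5 candidates: Info.hta, plus EXE files created inside the window.
# Top level only, hidden files included (-Force).
$cutoff = (Get-Date).AddDays(-$Days)
$files = foreach ($d in $dirs) {
    Get-ChildItem -LiteralPath $d -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Name -ieq 'Info.hta' -or
            ($_.Extension -ieq '.exe' -and $_.CreationTime -ge $cutoff)
        }
}
$files | Select-Object FullName, CreationTime, Length,
    @{ n = 'Signature'
       e = { (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status } } |
    Format-Table -AutoSize

# Steps 7-8: Run values whose data mentions Info.hta or a candidate file name.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$names  = @($files | ForEach-Object { $_.Name }) + 'Info.hta' |
    Select-Object -Unique
$key  = Get-Item -LiteralPath $runKey
$hits = foreach ($n in $key.GetValueNames()) {
    $data = [string]$key.GetValue($n)
    if ($names | Where-Object { $data.ToLower().Contains($_.ToLower()) }) {
        [pscustomobject]@{ RunValue = $n; Data = $data }
    }
}
$hits | Format-List
```

Legitimate installers also drop recent EXE files into these folders, so treat the output as a review list for steps 5 and 8, not as a deletion list.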

In non-techie terms:

SySS Ransomware is a dangerous computer infection. It might not be that hard to remove it from your computer, but ransomware makes it extremely challenging to restore the files the infection has affected. Please do not feel discouraged if there is no public decryption tool for this infection. Improve your overall cybersecurity levels, and protect your computer from similar intruders. As for your files, do not hesitate to reach out to a professional for help.