SYSDOWN Ransomware

Posted by Sarah Stewart on January 16, 2018

What is SYSDOWN Ransomware?

SYSDOWN Ransomware is an extremely malicious infection that may leave you no other option, but to delete the affected files and start anew. This ransomware program does not try to lure your money out of you. It does not leave any ransom note that would tell you how to retrieve a decryption tool and restore your encrypted files. Instead, the program seems to have been created solely for wiping systems clean, sabotaging multiple computers worldwide. Hence, you need to remove SYSDOWN Ransomware at once, and then focus on restoring your system. It might be challenging, but that is something you must do. test

Where does SYSDOWN Ransomware come from?

This infection has been uploaded to the Discord website via cdn.discordapp. According to our research team, this website is a chat service, and since the program has been uploaded to its servers, someone might be trying to sabotage certain systems on purpose. Whoever is connected to the said service, they could be exposed to the infection.

At the same time, it means that SYSDOWN Ransomware does not try to affect a wide range of computer users, but we can never be sure when its distribution circle expands. Hence, once again, we have to advocate the importance of safe web browsing and being cautious whenever you encounter new programs and unfamiliar files. If you know anyone who is using the Discord chat service, please advise them to refrain from logging in to their service for the time being.

What does SYSDOWN Ransomware do?

As mentioned, this program does not seem to be inclined to collect any payment from the infected users. Instead, it inflicts the damage and disappears. During our tests, we have found that SYSDOWN Ransomware encrypts the files stored in the %USERPROFILE% directory. It means that the infection affects the default file folders that are usually offered to you by the operating system. For instance, if you use Pictures, Downloads, Documents, Videos, and other default folders that are automatically there, then it is very likely that your files will be affected by this, and any other ransomware infection because they often target default directories.

It would actually be a good idea to make a disk partition to create a different directory and keep your files there. After all, this way, criminals would not know which directories they should program into their infection. They cannot guess the way you would name your directories, and so on. However, please note that it cannot guarantee a ransomware infection would not touch your files, so your best bet would be avoiding the most common ransomware distribution vectors, such as spam emails, unfamiliar websites, and so on.

Either way, when SYSDOWN Ransomware encrypts your files, it changes the file extension and adds the .SysDown appendix to the filenames. As a result, you will know exactly which files were affected by the infection. Needless to say, your system will no longer be able to access these files. It is even worse that the ransomware program will leave you hanging.

Usually, when users encounter ransomware programs, they are confronted with a ransom note that requires transferring a particular sum of money within a limited time. However, SYSDOWN Ransomware does not do anything of the sort. Once the encryption is complete, the program shows a small screen that says you have been hit by the SYSDOWN virus. It is possible to close the box, but once you do it, the malicious file should automatically delete itself, and then there is nothing left. There are no ransom notes, no additional information or decryption service.

How do I remove SYSDOWN Ransomware?

As you can see, there is no public decryption tool for this infection, so it is very likely that you will have to remove the affected files and start anew. If you have an external backup drive, it should not be a problem. Also, you must have a lot of your newest files saved on your mobile device, too. But please transfer the healthy files into your computer only when you remove SYSDOWN Ransomware for good.

The malicious file should delete itself automatically, but if it does not, you need to remove it manually. And after that, please scan your system with a reliable security program to be absolutely sure that there are no other unwanted or dangerous programs on-board.