SYSDF Ransomware [[email protected]].SYSDF Virus File

The Sysdf virus belongs to the Dharma ransomware family. Malware of this kind encrypts all the data on your computer (photos, text files, Excel tables, music, videos, etc.), appends its extra extension to every file, and leaves a read.txt file in every folder containing encrypted files.

What is known about the Sysdf virus?

☝️ Sysdf is a Dharma family ransomware malicious agent.

Files are renamed according to the following scheme: .id-xxxx.[contact-email].SYSDF. After encryption, a file named, for instance, “report.docx” will be renamed to “report.docx.id-9ECFA84E.[[email protected]].SYSDF”.

In every folder that contains encrypted files, a text file named read.txt will be found. It is the ransom note. It contains information on how to contact the extortionists and some other remarks. The ransom note most probably contains instructions on how to purchase the decryption tool from the attackers. You can obtain this decryption tool after contacting [email protected] by email. That is it.
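During incident triage, the renaming scheme and the read.txt note described above can be used to inventory what the ransomware touched. The following Python script is an added example, not code from the original article; the sample directory it builds, and the contact address inside it, are constructed placeholders:

```python
import os
import re
import tempfile
from pathlib import Path

# Dharma/Sysdf renaming scheme: <original>.id-<8 hex chars>.[<contact-email>].SYSDF
SYSDF_NAME = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})\.\[(?P<contact>[^\]]+)\]\.SYSDF$"
)
RANSOM_NOTE = "read.txt"  # dropped into every folder that holds encrypted files


def parse_sysdf_name(filename):
    """Return (original_name, victim_id, contact_email) or None if not a .SYSDF file."""
    m = SYSDF_NAME.match(filename)
    if not m:
        return None
    return m.group("original"), m.group("victim_id").upper(), m.group("contact")


def scan_for_sysdf(root):
    """Walk a directory tree and collect Sysdf indicators for triage.

    Returns the encrypted file paths, the victim IDs and contact addresses seen,
    and the folders that contain a read.txt ransom note.
    """
    result = {"encrypted": [], "victim_ids": set(), "contacts": set(), "note_dirs": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            parsed = parse_sysdf_name(name)
            if parsed:
                result["encrypted"].append(os.path.join(dirpath, name))
                result["victim_ids"].add(parsed[1])
                result["contacts"].add(parsed[2])
            elif name.lower() == RANSOM_NOTE:
                result["note_dirs"].append(dirpath)
    return result


def demo():
    """Build a constructed sample tree (not real victim data) and scan it."""
    tmp = tempfile.mkdtemp(prefix="sysdf_demo_")
    docs = Path(tmp) / "Documents"
    docs.mkdir()
    # Constructed names following the scheme above; the e-mail is a placeholder.
    contact = "victim-contact@example.invalid"
    (docs / f"report.docx.id-9ECFA84E.[{contact}].SYSDF").write_bytes(b"\x00" * 16)
    (docs / f"photo.jpg.id-9ECFA84E.[{contact}].SYSDF").write_bytes(b"\x00" * 16)
    (docs / RANSOM_NOTE).write_text("all your data has been locked us\n")
    (Path(tmp) / "untouched.txt").write_text("clean\n")
    return scan_for_sysdf(tmp)
```

A single victim ID across all files, plus one note per affected folder, is the pattern to expect; several IDs would suggest more than one infection run.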

Sysdf Overview:

Name: Sysdf Virus
Ransomware family [1]: Dharma ransomware
Extension: .SYSDF
Ransomware note: read.txt
Contact: [email protected]
Detection: Trojan:Win32/Gozi.RC!MTB, Ransom:Win32/StopCrypt.SAC!MTB, MSIL/TrojanDownloader.Agent.QCS
Symptoms: Your files (photos, videos, documents) have a .SYSDF extension and you can’t open them.
Fix Tool: See If Your System Has Been Affected by Sysdf virus

The read.txt document accompanying the Sysdf malware states the following:

all your data has been locked us


You want to return?


write email [email protected] 

In the image below, you can see what a directory with files encrypted by the Sysdf looks like. Each filename has the “.SYSDF” extension added to it.


An example of encrypted .SYSDF files.

How did my machine catch Sysdf ransomware?

There is a huge number of possible ways of ransomware infiltration.

Currently there are three most popular methods by which hackers get ransomware planted on your system: email spam, Trojan introduction, and peer-to-peer file transfer.

  • Another thing the hackers might try is a Trojan horse scheme. A Trojan is an object that infiltrates your computer pretending to be something else. Imagine you download an installer for a program you need, or an update for one. However, what gets unpacked turns out to be a harmful program that encrypts your data. Since an installation package can have any name and any icon, you’d better be sure that you can trust the source of the files you’re downloading. The safest choice is to trust the software companies’ official websites.
  • As for peer-to-peer file transfer protocols like torrents or eMule, the danger is that they are even more trust-based than the rest of the Internet. You can never know what you are downloading until you get it. So you’d better use trustworthy websites. It is also reasonable to scan the folder containing the downloaded files with your antivirus as soon as the download is finished.

How do I get rid of ransomware?

It is important to note that besides encrypting your data, the Sysdf virus will probably deploy Vidar Stealer on your machine to steal your credentials for various accounts (including cryptocurrency wallets). This program can extract your credentials from your browser’s autofill data.

How do I avert ransomware injection?

Sysdf ransomware is not all-powerful, and neither is any similar malware.

You can armour your PC against its attack within three easy steps:

  • Never open emails from unknown mailboxes with strange addresses, or with content that has nothing to do with anything you are expecting (can you win a cash prize draw without taking part in it?). If the email subject does look like something you are expecting, check every element of the dubious letter carefully. A fake letter will almost surely contain a mistake.
  • Do not use cracked or unknown software. Trojans are often spread as part of cracked products, possibly under the guise of a “patch” that bypasses the license check. Dubious programs are very hard to distinguish from reliable software, since trojans may also offer the functionality you need. Try to find information about the software product on anti-malware forums, but the best solution is not to use such programs at all.

FAQ

🤔 Are the “.SYSDF” files accessible?

Unfortunately, no. You need to decipher the “.SYSDF” files first. Then you will be able to open them.

🤔 I really need to decrypt those “.SYSDF” files ASAP. How can I do that?

It is good if you have far-sightedly saved copies of these important files elsewhere. If you haven’t, there is still a chance that you have a Restore Point from some time ago, to roll the whole system back to a moment when it had no virus yet but already had your files. The other methods require patience.

🤔 What should I do if the Sysdf malware has blocked my computer and I can’t get the activation key?

🤔 What can I do right now?

Some of the blocked files can be found elsewhere.

  • If you exchanged your critical files via email, you could still download them from your online mailbox.
  • You may have shared images or videos with your friends or relatives. Just ask them to give those images back to you.
  • If you originally obtained any of your files from the Web, you can try to download them again.
  • Your messengers, social network pages, and cloud storage might have all those files too.
  • Maybe you still have the needed files on your old PC, a laptop, a cellphone, a flash drive, etc.

USEFUL TIP: You can use data recovery programs [2] to get your lost data back, since ransomware encrypts copies of your files and removes the originals. In the video below, you can learn how to recover your files with PhotoRec, but remember: you can do this only after you have removed the ransomware itself with an antivirus program.

Brendan Smith

References

  1. My files are encrypted by ransomware, what should I do now?
  2. Top 10 Data Recovery Software of 2024.

About the author

Brendan Smith

Cybersecurity analyst covering malware families, suspicious files, and detection alerts. Brendan focuses on clear explanations of what a warning means, when it may be a false positive, and which cleanup steps are appropriate.
