SYSDOWN Ransomware Removal Guide

SYSDOWN Ransomware is a rather unusual ransomware application as it does not drop any documents with demands to pay a ransom and promises to send a decryption tool in return. In some cases, such threats are simply still in the development stage, and they do not encrypt any data either, but not in this case. Our specialists report the malicious program can encipher all data, except the one needed by the computer’s operating system. Sadly, other software installed on the infected device can be encrypted too. Thus, if it infects your computer, all you can do is reinstall all damaged programs and replace enciphered personal data with copies from removable media devices, cloud storage, and so on. Of course, first of all, it would be best to secure the system by eliminating SYSDOWN Ransomware; you could remove it with by completing steps available below or by performing a system scan with a trustworthy security tool of your preference.

To begin with, there is a chance the malicious program does not leave any ransom note on purpose. Researchers say that instead of gaining money the hackers who developed SYSDOWN Ransomware might have wanted to damage some particular person’s data. This possibility comes from the fact the malware was sent through a chat service software called Discord. Nevertheless, since it was uploaded onto a particular Discord website, it can be downloaded and distributed by anyone, e.g., through malicious Spam emails. Therefore, as always when it comes to such threats it is advisable to be cautious with emails from unknown senders if the user wants to avoid this type of malware. To strengthen the computer, we would recommend keeping a reliable security tool as well; just make sure you update it from time to time so it would be able to recognize newer threats too.

Moreover, to protect data placed on the computer from ruin in case you come across a malicious program like SYSDOWN Ransomware, the user should think of a way he could easily back up his data, e.g., copy valuable files to cloud storages, removable hard drives, and so on. Otherwise, if the user does not have a backup, all of his data might be ruined in a couple of minutes as the malicious program was programmed to start enciphering user’s data immediately. Our specialists learned it goes after data found on %USERPROFILE% and its subfolders. If the computer has more than C disk, files located on other disks could be encrypted too, although we cannot be completely sure. During the encryption, each enciphered file gets a second extension, e.g., picture.jpg.SysDown. Then the threat should display a black pop-up window saying “SYSDOWN Pwned by the SYSDOWN virus! ID:{random characters}.”

As explained earlier, the malware’s developers do not ask for any payment or mention available decryption tools, so if you come across it there is nothing to do, but to delete the threat. Users who would like to try to eliminate it manually could use our recommended deletion steps located at the end of this paragraph. Also, SYSDOWN Ransomware can be removed by a reliable security tool, so if you prefer using automatic features, do not hesitate to install it. As soon as you do a system scan, the malware and all other possible threats could be erased at once with a single mouse click.

Get rid of SYSDOWN Ransomware

1. Tap Windows key+E.
2. Navigate to the listed paths:
   %TEMP%
   %USERPROFILE%\desktop
   %USERPROFILE%\downloads
3. Locate the malicious file you might have opened at the time the PC got infected.
4. Right-click the suspicious file and press Delete.
5. Close File Explorer.
6. Empty your Recycle bin.
7. Reboot the system.