Do you know what 5ss5c Ransomware is?
If you live in China, you are at a higher risk of facing 5ss5c Ransomware, a new file-encrypting threat that could exploit RDP vulnerabilities, spam emails, social-engineering attacks, and unreliable downloaders to slither into your operating system silently. If you do not discover and remove this infection immediately, it finds your personal files – including documents, videos, photos, music files, and so on – and it employs an encryption algorithm to lock them. Unfortunately, the decryption key is in the hands of the attackers, and they can do whatever they want with it. Of course, it is only natural that cybercriminals use this power to extort money out of their victims. So, do you need to give in? Do you need to delete 5ss5c Ransomware ASAP? Do you need to pay money to have your files decrypted? These are the questions we answer in this report.
Our malware experts have analyzed 5ss5c Ransomware, and it is now clear that it is part of the Satan Ransomware family. We cannot say yet for sure that the same attackers have built this malware, but that is quite likely. They use stealthy tactics to slip the infection in without notice, and if security software is not installed to protect you and remove malware before it is executed, it starts encrypting files. It does not encrypt files with ".bin", ".bmp", ".cab", ".chm", ".dat", ".dll", ".exe", ".iso", ".lib", ".log", ".msi", ".ocx", ".pbk", ".pol", ".sdi", ".sys", ".tmp", and ".wim" extensions, but these do not really represent personal files anyway. The infection also seems to avoid all folders that are likely to contain system files. You see, the attackers behind 5ss5c Ransomware are NOT interested in corrupting system files because they can be replaced. When it comes to personal files, not all victims have replacements.5ss5c Ransomware screenshot
Scroll down for full removal instructions
Once 5ss5c Ransomware is done encrypting files, it changes the data within, and it also changes the names by adding a prefix (“[5ss5c@mail.ru]”) and an extension (“.{random}.5ss5c”). How does that look? For example, a file named “file.pdf” is changed to “[5ss5c@mail.ru]file.pdf. {random}.5ss5c}.” You cannot read these files even if you remove the prefix and extension. Next to the corrupted files, you are likely to find the _如何解密我的文件_.txt file. 5ss5c Ransomware uses it to deliver a message, according to which, you need to pay a ransom of 1 BTC (~63,000 Yuan at the time of analysis) to get your files decrypted. No information about the payment is provided, but the 5ss5c@mail.ru email address is listed at the bottom, and so we assume that the attackers expect victims to contact them. It goes without saying that contacting cybercriminals is a terrible idea.
Would you get your files back if you contacted the attackers behind 5ss5c Ransomware and then paid the ransom requested by them? That is highly unlikely to be the case, and so we do not recommend getting involved in this at all. But what if your files are really important to you? If they are important, it is likely that you have backup copies of them stored outside the infected machine. If that is not the case, make sure you backup all files in the future because that is the best way to protect them. Of course, you also need the protection that only legitimate anti-malware software can provide you with. Even if you are able to locate and remove 5ss5c Ransomware components yourself, we advise implementing this software to secure your system and help you fight off malware.
Delete 5ss5c Ransomware
- Find the {unknown}.exe launcher file and Delete it.
- Delete all copies of the ransom note file, _如何解密我的文件_.txt.
- Tap Win+E to launch Explorer and enter %PROGRAMDATA% into the field at the top.
- If a folder named 5ss5c_token exists, Delete it.
- Tap Win+R to launch Run and enter regedit into the box to launch Registry Editor.
- Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
- If a value named 5ss5cStart exists, Delete it and then exit Registry Editor.
- Empty Recycle Bin and then quickly perform a system scan with a legitimate malware scanner.
In non-techie terms:
5ss5c Ransomware encrypts files to make you more willing to contact cybercriminals and pay a huge ransom. Unfortunately, those who do not have copies of the affected files stored outside the computer might decide to take the risk, and that is something we do not recommend doing because although the attackers might promise you to decrypt your files, if there is someone whose promises cannot be trusted it is a cybercriminal. If you have backups, use them to replace the corrupted files after you remove 5ss5c Ransomware. If you can do that manually, use the guide above, but also remember that you need to protect your operating system against other threats, and that is the job for legitimate anti-malware software. If you install it now, it will delete the ransomware automatically.