SecretSystem Ransomware Removal Guide

Do you know what SecretSystem Ransomware is?

Have you let SecretSystem Ransomware in by opening a corrupted spam email attachment? Was it downloaded and executed without your permission? Whatever the case might be, eliminating this malicious infection from your operating system is extremely important, even if it has not encrypted any of your personal files. According to our research team, this infection was created to target personal files, but it is possible that it is still being developed or that the server via which it receives the encryption key is down because, at the time of research, no files were encrypted by it. That being said, this threat could become aggressive really fast, and you do not want it around for much longer. If your files were encrypted by this malware, you might want to figure out what to do about that first. If you read this article, you will learn how to remove SecretSystem Ransomware from your operating system. We also discuss the encryption of files, as well as what to do to prevent malware like this from slithering in again.

If SecretSystem Ransomware encrypts your personal files, it should add the “.slvpawned” extension to all of them, and that is what helps you identify them fast. According to our research, this infection targets files with such extensions as .avi, .doc, .html, .jpeg, .mp3, .mp4, .rar, .txt, .zip, etc. Once these files are encrypted, there is not much you can do. Immediately after that, a pop-up shows up suggesting that if you close the window entitled “Attention All Your Files are Encrypted by SecretSystem,” your files will be deleted. According to the message represented via this window, you need to transfer a ransom of $500 (in Bitcoins) to the presented Bitcoin Address. Allegedly, once you pay the ransom and provide cyber criminals with your ID, a decryption key should be given to you. At the bottom of the ransom note, you can find a dialog box where the decryption key must be entered. Unfortunately, it is highly unlikely that this would work for you. In fact, it is most likely that if you pay the ransom, you will waste your money for no good reason as your files will remain encrypted.

During the encryption, SecretSystem Ransomware can display a fake Windows update screen warning that you should not turn off your computer. Once that is complete, you will find your files encrypted, and the obnoxious ransom note window will pop up. Also, the threat can disable the Task Manager so as to prevent you from disabling the window. That is what can prevent you from deleting SecretSystem Ransomware right away. Of course, before you eliminate this threat, you need to think about what you want to do about your files. If they were not encrypted, you have nothing to worry about, except for the removal of the ransomware. But if they were encrypted, you probably want to, at least, try to decrypt them. While paying the ransom is not recommended, you might be able to employ third-party file decryptors for free. Also, you should look at your backups to see if files are already backed up. If they are not, take note to make sure you back up your files in the future.

If you have never needed to eliminate malware from your operating system, deleting SecretSystem Ransomware might seem like a great challenge. As mentioned already, this threat can lock your screen using a window that displays the ransom note. If Task Manager is disabled, terminating the malicious process might be more complicated. We suggest restarting your computer (do not worry, this will not damage your files) to check if your PC remains paralyzed. If it does, you will have to reboot your PC into Safe Mode to be able to eliminate malicious components. The instructions right below show how to do that. If you choose to install anti-malware software to have all threats eliminated automatically (the option our research team recommends), be sure to reboot into Safe Mode with Networking.

Remove SecretSystem Ransomware

N.B. If your PC remains locked after you restart it, reboot into Safe Mode.

  1. Launch Task Manager using the Ctrl+Shift+Esc key combo.
  2. Move to the Processes tab.
  3. Identify a malicious process (make sure you do not kill harmless processes).
  4. Select the process and click End task (before that, check the location of the file via Properties).
  5. Launch Windows Explorer using the Win+E key combo.
  6. Enter one of these directories into the bar at the top to look for the malicious .exe file (note that the launcher could be found in a completely different location):
    • %TEMP%
    • %USERPROFILE%\Downloads
    • %USERPROFILE%\Desktop
  7. Launch RUN by tapping Win+R keys and then enter regedit.exe into the dialog box.
  8. In Registry Editor, go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  9. Look for values associated with the ransomware. If you find them, right-click and choose Delete.
  10. Empty Recycle Bin.
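
A read-only PowerShell check covering steps 6 to 9, added here as an example and not part of the original guide. The variable names and the "RunsFromUserDir" flag are our own; because the guide does not name the malicious file, the script only lists candidates for manual review and deletes nothing.

```powershell
# Added example: read-only triage for steps 6-9. It lists and flags; it deletes nothing.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$dirs   = @($env:TEMP, "$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop")

# Steps 7-9: enumerate Run values; flag commands that launch from the step 6 directories.
$key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
$autoruns = @()
if ($key) {
    $autoruns = foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        $inUserDir = $false
        foreach ($d in $dirs) {
            # Literal, case-insensitive substring match (avoids wildcard issues with -like).
            if ($cmd.IndexOf($d, [StringComparison]::OrdinalIgnoreCase) -ge 0) { $inUserDir = $true }
        }
        [pscustomobject]@{ Name = $name; Command = $cmd; RunsFromUserDir = $inUserDir }
    }
}

# Step 6: executables in those directories, newest first, with Authenticode status.
$exes = Get-ChildItem -Path $dirs -Filter *.exe -File -ErrorAction SilentlyContinue |
    Sort-Object CreationTime -Descending |
    Select-Object FullName, CreationTime,
        @{ Name = 'Signature'; Expression = { (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status } }

# Scope of damage: files carrying the ".slvpawned" extension named in the article.
$encrypted = @(Get-ChildItem -Path $env:USERPROFILE -Recurse -Filter *.slvpawned -File -ErrorAction SilentlyContinue)

$autoruns | Format-Table -AutoSize -Wrap
$exes     | Format-Table -AutoSize -Wrap
"Files with .slvpawned extension under {0}: {1}" -f $env:USERPROFILE, $encrypted.Count
```

A Run value flagged True, or a recently created .exe whose signature status is not Valid, is a candidate for the checks in steps 3, 4 and 9, not proof of infection. As step 6 notes, the launcher could sit in a completely different location, so an empty result does not clear the machine.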

How to reboot into Safe Mode

Windows 10

  1. Click the Windows logo on the Taskbar.
  2. Click Power.
  3. Simultaneously tap the Shift key and click Restart.
  4. Open the Troubleshooting menu.
  5. Select Advanced options.
  6. Move to Startup Settings.
  7. Click Restart and then choose F4 or F5.

Windows 8/Windows 8.1

  1. Open the Charm bar.
  2. Click Settings.
  3. Repeat steps 3-7 using the Windows 10 guide.

Windows 7/Windows Vista/Windows XP

  1. Restart the PC.
  2. Start tapping F8 as soon as BIOS loads.
  3. Using arrow keys select Safe Mode or Safe Mode with Networking.
  4. Tap Enter to boot the PC.

In non-techie terms:

The malicious SecretSystem Ransomware was created to extort money from users who carelessly let this threat into their operating systems. This threat encrypts files and then displays a screen-locking window with a message suggesting that the victim has to pay a ransom of $500. Paying the ransom is a bad idea because cyber criminals are not trustworthy, and you cannot trust them to keep their promises to decrypt files. Since this infection can paralyze your operating system, you might have to reboot your PC to Safe Mode or Safe Mode with Networking (for Internet access). You can follow the manual removal guide above, or you can install anti-malware software to take care of existing threats automatically. Unfortunately, we cannot help you with the decryption of your files.