5ss5c Ransomware

5ss5c Ransomware Description

One of the newest spotted ransomware threats in the wild has been dubbed the 5Ss5c Ransomware. When malware researchers studied this new Trojan, they found that this is not a threat built from scratch. Instead, the creators of the 5Ss5c Ransomware have based this Trojan on the already existing Satan Ransomware. This is a common method used by a large number of ransomware authors, as it is much more time-efficient and far easier.

Propagation and Encryption

The 5Ss5c Ransomware is likely being spread with the help of phishing emails. Normally, a bogus email would contain a fake message and a corrupted attached file, often a document that appears important. This is how authors of ransomware often manage to trick users into launching the unsafe attachment on their systems. Other commonly used propagation methods include torrent trackers, compromised advertisement campaigns, fraudulent application updates, downloads, etc. The 5Ss5c Ransomware is meant to target a long list of file types that are likely present on the computer of any regular Internet user. This means that all documents, images, videos, spreadsheets, presentations, databases, archives, and other popular file types will be locked swiftly. The 5Ss5c Ransomware applies a secure encryption algorithm to the targeted data. This data-locking Trojan also alters the names of the affected files. The 5Ss5c Ransomware follows a particular pattern when renaming the encrypted files - '[5ss5c@mail.ru]..5ss5c.’ The 5Ss5c Ransomware generates a new, unique victim ID for every compromised system so that the attackers can differentiate between their victims easily.

The Ransom Note

Next, the 5Ss5c Ransomware's ransom note is dropped on the victim's desktop. However, the authors of the 5Ss5c Ransomware are likely targeting Chinese users mainly. This is because the attackers' ransom message is written in Chinese entirely. The name of the file that contains the ransom message is '如何 解密 我 的 文件_.txt' ('How to decrypt my files_.txt' in English). The creators of the 5Ss5c Ransomware demand to be contacted via email and provide an email address - ‘5Ss5c@mail.ru.' In the note, it is mentioned that the ransom fee demanded is 1 Bitcoin, which is $8,700 approximately.

It is not a good idea to trust the word of cyber crooks. Authors of ransomware tend to promise users to provide them with a decryption key as soon as they get paid, but this is rarely the case. Oftentimes ransomware creators lose interest in cooperating with the victim when they receive the money they are after. This is why you should consider obtaining a legitimate anti-malware application that will remove the 5Ss5c Ransomware from your PC easily and for good.

Do You Suspect Your PC May Be Infected with 5ss5c Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like 5ss5c Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Technical Information

File System Details

5ss5c Ransomware creates the following file(s):
# File Name Size MD5 Detection Count
1 c:\users\julius\appdata\local\temp\4v7jdyi2.part 82,432 680d9c8bb70e38d3727753430c655699 2
2 cpt.dat 1,230,848 853358339279b590fb1c40c3dc0cdb72 1

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their PC with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.