Threat Database Ransomware 5ss5c Ransomware

5ss5c Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 8
First Seen: September 10, 2012
Last Seen: February 5, 2020
OS(es) Affected: Windows

One of the newest spotted ransomware threats in the wild has been dubbed the 5Ss5c Ransomware. When malware researchers studied this new Trojan, they found that this is not a threat built from scratch. Instead, the creators of the 5Ss5c Ransomware have based this Trojan on the already existing Satan Ransomware. This is a common method used by a large number of ransomware authors, as it is much more time-efficient and far easier.

Propagation and Encryption

The 5Ss5c Ransomware is likely being spread with the help of phishing emails. Normally, a bogus email would contain a fake message and a corrupted attached file, often a document that appears important. This is how authors of ransomware often manage to trick users into launching the unsafe attachment on their systems. Other commonly used propagation methods include torrent trackers, compromised advertisement campaigns, fraudulent application updates, downloads, etc. The 5Ss5c Ransomware is meant to target a long list of file types that are likely present on the computer of any regular Internet user. This means that all documents, images, videos, spreadsheets, presentations, databases, archives, and other popular file types will be locked swiftly. The 5Ss5c Ransomware applies a secure encryption algorithm to the targeted data. This data-locking Trojan also alters the names of the affected files. The 5Ss5c Ransomware follows a particular pattern when renaming the encrypted files - '[]..5ss5c.’ The 5Ss5c Ransomware generates a new, unique victim ID for every compromised system so that the attackers can differentiate between their victims easily.

The Ransom Note

Next, the 5Ss5c Ransomware's ransom note is dropped on the victim's desktop. However, the authors of the 5Ss5c Ransomware are likely targeting Chinese users mainly. This is because the attackers' ransom message is written in Chinese entirely. The name of the file that contains the ransom message is '如何 解密 我 的 文件_.txt' ('How to decrypt my files_.txt' in English). The creators of the 5Ss5c Ransomware demand to be contacted via email and provide an email address - ‘' In the note, it is mentioned that the ransom fee demanded is 1 Bitcoin, which is $8,700 approximately.

It is not a good idea to trust the word of cyber crooks. Authors of ransomware tend to promise users to provide them with a decryption key as soon as they get paid, but this is rarely the case. Oftentimes ransomware creators lose interest in cooperating with the victim when they receive the money they are after. This is why you should consider obtaining a legitimate anti-malware application that will remove the 5Ss5c Ransomware from your PC easily and for good.


Most Viewed