5ss5c Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 100 % (High) |
Infected Computers: | 8 |
First Seen: | September 10, 2012 |
Last Seen: | February 5, 2020 |
OS(es) Affected: | Windows |
One of the newest spotted ransomware threats in the wild has been dubbed the 5Ss5c Ransomware. When malware researchers studied this new Trojan, they found that this is not a threat built from scratch. Instead, the creators of the 5Ss5c Ransomware have based this Trojan on the already existing Satan Ransomware. This is a common method used by a large number of ransomware authors, as it is much more time-efficient and far easier.
Propagation and Encryption
The 5Ss5c Ransomware is likely being spread with the help of phishing emails. Normally, a bogus email would contain a fake message and a corrupted attached file, often a document that appears important. This is how authors of ransomware often manage to trick users into launching the unsafe attachment on their systems. Other commonly used propagation methods include torrent trackers, compromised advertisement campaigns, fraudulent application updates, downloads, etc. The 5Ss5c Ransomware is meant to target a long list of file types that are likely present on the computer of any regular Internet user. This means that all documents, images, videos, spreadsheets, presentations, databases, archives, and other popular file types will be locked swiftly. The 5Ss5c Ransomware applies a secure encryption algorithm to the targeted data. This data-locking Trojan also alters the names of the affected files. The 5Ss5c Ransomware follows a particular pattern when renaming the encrypted files - '[5ss5c@mail.ru]
The Ransom Note
Next, the 5Ss5c Ransomware's ransom note is dropped on the victim's desktop. However, the authors of the 5Ss5c Ransomware are likely targeting Chinese users mainly. This is because the attackers' ransom message is written in Chinese entirely. The name of the file that contains the ransom message is '如何 解密 我 的 文件_.txt' ('How to decrypt my files_.txt' in English). The creators of the 5Ss5c Ransomware demand to be contacted via email and provide an email address - ‘5Ss5c@mail.ru.' In the note, it is mentioned that the ransom fee demanded is 1 Bitcoin, which is $8,700 approximately.
It is not a good idea to trust the word of cyber crooks. Authors of ransomware tend to promise users to provide them with a decryption key as soon as they get paid, but this is rarely the case. Oftentimes ransomware creators lose interest in cooperating with the victim when they receive the money they are after. This is why you should consider obtaining a legitimate anti-malware application that will remove the 5Ss5c Ransomware from your PC easily and for good.