SecretSystem Ransomware

SecretSystem Ransomware Description

The SecretSystem Ransomware is a file-encrypting Trojan that cybersecurity researchers reported on May 13th, 2017. The Trojan appears to land on systems when users open corrupted documents they have downloaded from a spam email. The first cases of SecretSystem Ransomware seem to involve users in the Russian Federation, Western Europe and North America. The threat behaves like the Comrade Circle Ransomware and is said to borrow code from the CloudSword Ransomware and the JohnyCryptor Ransomware. Further investigation is required to confirm whether the SecretSystem Ransomware is a standalone project or the joint work of several ransomware authors. Researchers may also refer to the threat as 'Ransomeware_Final', since that string is present in the code of the Trojan.

The SecretSystem (Ransomeware_Final) Ransomware was seen to run as 'Ransomeware.exe' and 'SecretSystem.exe' on compromised machines. When the SecretSystem Ransomware is installed successfully, the user is shown a lock screen. The overlay resembles the 'Windows Updates Are Being Installed' screen that you are likely to notice after approving the installation of updates from the Windows Update Center. The overlay is not generated by Windows; the SecretSystem Ransomware uses it to hide the encryption procedure. The fake screen is a full-screen blue window with a spinning animation and the following message:

'Windows is working on updates
wait till complete
Don't turn off your computer, this will take a while'

Needless to say, the typos should give users reason to suspect that something is not right. The SecretSystem lock screen may prevent users from accessing their desktops by disabling the keyboard shortcuts until the encryption process is complete. Researchers who worked on samples of SecretSystem warn that the threat is designed to encipher the most common data containers associated with family photos, work-related documents, music, videos and archives. The complete list of the targeted extensions can be found below:

.3gp, .ahok, .apk, .asp, .aspx, .avi, .doc, .docx, .encrypt, .flac, .html, .jpeg, .jpg, .MOV, .mov, .mp3, .mp4, .php, .png, .ppt, .pptx, .psd, .rar, .raw, .txt, .wav, .wma, .wmv, .xls, .xlsx, .zip.

The enciphered objects are marked with the '.slvpawned' suffix, which is appended to the end of the filename. For example, 'First Aid Guide and Emergency-Web MD.pptx' is renamed to 'First Aid Guide and Emergency-Web MD.pptx.slvpawned'. There are reports that the SecretSystem Ransomware may use the '.crypted' extension, but there is no definitive proof. Computer security researchers note that the SecretSystem Ransomware might show the ransom notification as a program window and invite the user to pay 500 USD in Bitcoin to receive the decryption key. The SecretSystem decryption window may offer the following text:

'All Your Files are Encrypted by SecretSystem
If you want to decrypt your files follow this simple steps:
1.) Create BitcoinWallet
2.) Buy Bitcoins worth of $500
3.) Send $500 in BitCoin to Given Address
4.) Go to and Enter your Personal Id
5.) You will get your Decryption Key
6.) Enter it in Given Box and Click on Decrypt
7.) Restart your Computer and Delete any encrypted file you find
If you Close me you will loose all Your Files.
Contact Me

PC users who are infected with the SecretSystem Ransomware are advised not to pay the ransom or establish contact with the cyber crooks via ''. Experts recommend using backups and copies on cloud-based storage like Google Drive to rebuild your data structure, as opposed to risking your money and funding the development of the SecretSystem Ransomware. It is best to eliminate the SecretSystem Ransomware with the help of a trusted anti-malware suite. AV vendors may detect the objects used by the SecretSystem Ransomware and show alerts that feature the following names:

  • Generic.Ransom.CloudSword.B9737436
  • MSIL:Ransom-BK [Trj]
  • RDN/Ransom
  • Ransom.JohnyCryptor
  • Ransom_CRYPTEAR.SM
  • TR/FileCoder.ssawy
  • Virus.Ransom.Cloudsword!c
  • W32/Ransom.CPOW-1157
  • Word.Trojan.Generic.Pezi
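
The file and process indicators described above can be turned into a quick triage check over a file listing and a process list. The following is an added example, not code from the original write-up or from any vendor; the function names and the sample paths and process names are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Indicators copied from the write-up above (compared case-insensitively).
TARGET_EXTS = set(
    ".3gp .ahok .apk .asp .aspx .avi .doc .docx .encrypt .flac .html .jpeg "
    ".jpg .mov .mp3 .mp4 .php .png .ppt .pptx .psd .rar .raw .txt .wav .wma "
    ".wmv .xls .xlsx .zip".split()
)
CONFIRMED_SUFFIX = ".slvpawned"
UNCONFIRMED_SUFFIX = ".crypted"  # reported for this threat, but unproven
PROCESS_NAMES = {"ransomeware.exe", "secretsystem.exe"}

def classify_path(path):
    """Return (verdict, original_file_name) for one Windows path."""
    name = PureWindowsPath(path).name
    outer = PureWindowsPath(name).suffix.lower()
    if outer not in (CONFIRMED_SUFFIX, UNCONFIRMED_SUFFIX):
        return "clean", None
    original = name[: -len(outer)]  # strip the appended marker
    targeted = PureWindowsPath(original).suffix.lower() in TARGET_EXTS
    if outer == CONFIRMED_SUFFIX:
        return ("encrypted" if targeted else "suspect"), original
    # The '.crypted' report is unconfirmed, so require a targeted inner type.
    return ("suspect", original) if targeted else ("clean", None)

def triage(paths, processes):
    """Group marked files by verdict and list matching process names."""
    report = {"encrypted": [], "suspect": [], "processes": []}
    for path in paths:
        verdict, original = classify_path(path)
        if verdict != "clean":
            report[verdict].append((path, original))
    report["processes"] = sorted(p for p in processes if p.lower() in PROCESS_NAMES)
    return report

# Constructed sample data, not taken from a real host.
SAMPLE_PATHS = [
    r"C:\Users\a\Documents\First Aid Guide and Emergency-Web MD.pptx.slvpawned",
    r"C:\Users\a\Pictures\holiday.JPG.SLVPAWNED",
    r"C:\Users\a\Documents\budget.xlsx.crypted",
    r"C:\Users\a\Documents\report.docx",
    r"C:\Tools\archive.7z.slvpawned",
    r"C:\Users\a\notes.crypted",
]
SAMPLE_PROCESSES = ["explorer.exe", "SecretSystem.exe", "svchost.exe"]

if __name__ == "__main__":
    for key, items in triage(SAMPLE_PATHS, SAMPLE_PROCESSES).items():
        print(key, items)
```

The recovered original names give a count of affected files per folder, which helps decide which backups need to be restored.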


Technical Information

File System Details

SecretSystem Ransomware creates the following file(s):
# | File Name | Size | MD5 | Detection Count
1 | file.exe | 183,808 | b0ca603398de86e031a781c9d7606ec5 | 95
