5ss5c Ransomware

What is 5ss5c Ransomware?

The hackers behind 5ss5c Ransomware seem to be greedy as they may ask their victims to pay 1 BTC in exchange for decryption tools. Victims might need such tools to decrypt files locked by the malicious application. The message, which explains how to get in touch with the hackers and what exactly a user needs to do, gets displayed right after the threat enciphers all targeted files. As usual, data that gets encrypted ought to be personal, while files that belong to the system should be left alone. Thus, it is safe to say that receiving this malicious application might cause you lots of damage if you have irreplaceable files on your device. However, we advise not to panic and to read the rest of our article to learn how it works and how to eliminate 5ss5c Ransomware.

Where does 5ss5c Ransomware come from?

5ss5c Ransomware appears to be a new version of Satan Ransomware. Also, our researchers at Anti-spyware-101.com say that its developers might be after users who speak Chinese. That is because the malware’s ransom note is written in Chinese only.

Cybercriminals could use various channels to reach their victims. For instance, they could upload the threat onto torrent or other untrustworthy file-sharing websites or send it via spam emails. Therefore, if you want to avoid such malware, you should be cautious with all files that come from unreliable sources. Even if they do not look dangerous, we encourage you to scan files from the Internet with a legitimate antimalware tool before opening them.

How does 5ss5c Ransomware work?

First, 5ss5c Ransomware should settle in by creating a folder called 5ss5c_token in the C:\ProgramData location to place its data. Additionally, it might place a value name titled 5ss5cStart in the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key in the Registry. According to our researchers, this value name should enable the malware to relaunch itself when a computer gets restarted. Afterward, it might look for processes called reportingservicesservice.exe, oracle.exe, and some others to try to kill them. Ending the mentioned processes might help the malware stay hidden until it finishes its main task.

5ss5c Ransomware’s main task is to encrypt files that could be valuable, for example, photos, various documents, archives, videos, and so on. Since the threat encrypts such data with a robust encryption algorithm, the only way to restore it is to use special decryption tools. Of course, if you have backup copies that are safely stored on cloud storage or removable media devices, you could replace encrypted files instead of decrypting them. We recommend the second option. The threat’s developers are the only ones who may have decryption tools, and they demand a ransom in return. Our researchers say that the sum in the malware’s ransom note (_如何解密我的文件_.txt) could be one Bitcoin, which is more than eight thousand US dollars at the moment of writing. Also, paying the ransom might be not only expensive but also risky because there are no guarantees that the promised tools will be delivered to you.

How to erase 5ss5c Ransomware?

It is up to you to decide if you want to pay the ransom or not. However, we recommend erasing 5ss5c Ransomware as fast as possible since it can relaunch with your system, which means it could encrypt new files upon each restart. To learn how to delete the malicious application manually, you could follow the instructions available below. If you think the process is too challenging or time-consuming, we encourage you to get a legitimate antimalware tool instead. After scanning your system with it, you should be able to remove 5ss5c Ransomware along with other possible threats.

Remove 5ss5c Ransomware

  1. Tap Ctrl+Alt+Delete.
  2. Open Task Manager and click on Processes.
  3. Find a process belonging to the malware.
  4. Select it and click End Task.
  5. Close Task Manager.
  6. Press Windows key+E.
  7. Search these directories:
    %USERPROFILE%\Desktop
    %USERPROFILE%\Downloads
    %TEMP%
  8. Look for the malware’s installer, right-click the malicious file, and press Delete.
  9. Go to: C:\ProgramData
  10. Find a folder titled 5ss5c_token; it should contain files belonging to the threat.
  11. Right-click this folder (5ss5c_token) and press Delete to remove it.
  12. Right-click text documents called _如何解密我的文件_.txt and select Delete to get rid of them.
  13. Exit File Explorer.
  14. Press Windows key+R.
  15. Type Regedit and press Enter.
  16. Navigate to: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  17. Right-click a value name called 5ss5cStart and choose Delete to erase it.
  18. Exit Registry Editor.
  19. Empty Recycle Bin.
  20. Restart the computer.
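
The three artifacts removed in the steps above can be checked in one pass, both before cleanup and after the restart. The PowerShell below is an added example, not part of the original article; it only reads and reports, and the function name and the note search root (the user profiles folder) are assumptions.

```powershell
# Added example: read-only report on the artifacts named in the steps above.
# Save as UTF-8 with BOM so Windows PowerShell 5.1 parses the Chinese file name.
function Get-ArtifactReport {
    param(
        # Assumption: ransom notes are searched for under the user profiles root.
        [string]$NoteSearchRoot = (Join-Path $env:SystemDrive 'Users')
    )

    # Steps 9-11: data folder under C:\ProgramData
    $folder = Join-Path $env:ProgramData '5ss5c_token'
    [pscustomobject]@{
        Artifact = 'Data folder'
        Location = $folder
        Present  = Test-Path -LiteralPath $folder
        Detail   = $null
    }

    # Steps 16-17: autostart value; its data is the command run at each boot
    $runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $run     = Get-ItemProperty -Path $runKey -Name '5ss5cStart' -ErrorAction SilentlyContinue
    $command = $null
    if ($run) { $command = $run.'5ss5cStart' }
    [pscustomobject]@{
        Artifact = 'Run value 5ss5cStart'
        Location = $runKey
        Present  = [bool]$run
        Detail   = $command
    }

    # Step 12: ransom note text documents
    $notes = @(Get-ChildItem -LiteralPath $NoteSearchRoot -Filter '_如何解密我的文件_.txt' `
                   -File -Recurse -Force -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Artifact = 'Ransom notes'
        Location = $NoteSearchRoot
        Present  = $notes.Count -gt 0
        Detail   = "$($notes.Count) file(s)"
    }
}

Get-ArtifactReport | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so other users' profile folders can be read. If the Run value is present, its Detail column shows the file path that steps 7 and 8 ask you to locate.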