Sicck Ransomware

What is Sicck Ransomware?

Sicck Ransomware is a malicious application that encrypts the victim’s data and then threatens to share it on the Internet if the user does not pay the requested amount of Bitcoins in three days. Unfortunately, the asked amount of money is not a small sum, which is why we would not recommend risking it. Especially, when there are no guarantees, the hackers will provide the needed decryption key. Even if they promise to do so and encrypt a couple of files to prove they have the required decryption tools it does not mean they cannot trick you, for example, ask for more money. To learn more about the threat you could have a look at our full article. Moreover, if you choose not to pay the ransom, we advise deleting Sicck Ransomware because it unattended could still be dangerous. At the end of this page, you can find instructions showing how to remove it manually. Naturally, if they appear too challenging, you should leave the task to a legitimate antimalware tool.

Where does Sicck Ransomware come from?

Researchers at Anti-spyware-101.com have discovered the malicious application could be distributed via Spam emails. Meaning, Sicck Ransomware might travel with infected email attachments. Also, it was noticed the malware has capabilities of scanning networks to find devices vulnerable to the Shadow Brokers SMB exploit that some old unpatched systems may still have. The same vulnerability was used in the WannaCry Ransomware attacks. Consequently, we would recommend updating your operating system if it does not have the patch for the mentioned exploit yet. Also, it is crucial to be careful with Spam emails or other messages that may come from unknown senders or unexpectedly. Plus, it might be smart to keep a legitimate antimalware tool that could help you identify malicious content and guard the computer against it.

How does Sicck Ransomware work?

At first, the malware drops an executable file called Sicck.exe in the %HOMEDRIVE% directory. Our researchers say the file is used to encrypt the victim’s data found on the computer, for example, pictures, documents, archives, and so on. During this process, Sicck Ransomware modified the title of each file by placing the hacker’s email address at the beginning and the .sicck extension at the end. For instance, a document called introduction.docx would turn into [sicck@protonmail.com]introduction.docx.sicck. Next, the threat drops a ransom note called How__to__decrypt__files.txt in the %HOMEDRIVE% location. Inside of this file, you should see the same message written in three different languages. As we explained at the beginning of the article, the cybercriminals behind Sicck Ransomware wish to receive a payment in exchange for decryption key or else they threaten to share user’s data on the Internet. The price is one Bitcoin which is around 4400 US dollars at the moment of writing. The sum is quite large compared to other similar malicious applications, and if you are not willing to risk losing it, we would recommend erasing the malware with no hesitation.

How to erase Sicck Ransomware?

There are two options to get rid of Sicck Ransomware. If you are an experienced user, you could follow the instructions available at the end of this paragraph as they will show how to remove the threat manually. The second option is to acquire a legitimate antimalware tool, scan your computer with it, and click the given deletion button to eliminate all detections at once.

Eliminate Sicck Ransomware

1. Press Ctrl+Alt+Delete and Task Manager.
2. Search for a process belonging to the malware.
3. Choose this process and press End Task to kill it.
4. Leave Task Manager.
5. Press Windows key+E.
6. Check these directories:
   %TEMP%
   %USERPROFILE%\Downloads
   %USERPROFILE%\Desktop
7. Locate the malware’s installer (most likely recently downloaded unreliable file); right-click it and select Delete.
8. Navigate to %HOMEDRIVE%
9. Find an executable file named Sicck.exe and a text document called How__to__decrypt__files.txt, right-click them one by one and choose Delete.
10. Leave the Explorer.
11. Empty your Recycle bin.
12. Restart the computer. Download Removal Tool100% FREE spyware scan and
    tested removal of Sicck Ransomware*

Stop these Sicck Ransomware Processes: