5ss5c Ransomware Removal Guide

Users from China might encounter a new version of Satan Ransomware that is called 5ss5c Ransomware. The malware’s name derives from its extension, which it adds to the files that it encrypts. For example, a file called penguin.jpg should become [5ss5c@mail.ru]penguin.jpg.{40 random symbols}.5ss5c if it gets encrypted by this malicious application. Also, victims of the threat should notice a ransom note, which should be written in Chinese. Since the note does not have English or any other translation, researchers believe that it is targeted solely at people who speak Chinese. To learn more about this vicious threat, we invite you to read our full report. If you want to learn how to delete 5ss5c Ransomware, you should check the removal instructions located below too.

Usually, hackers who spread threats like 5ss5c Ransomware and Satan Ransomware search for ways to trick their victims into launching them unknowingly. One of the most popular tactics is sending victims emails with malicious attachments. To trick a user into opening such an attachment, hackers might make the file seem like a text document. Also, cybercriminals could pretend to be working for reputable companies or they could name malicious attachments in a way that would make victims want to open them out of curiosity. This is why specialists recommend keeping away from suspicious emails or messages from people you do not know all the time. Another thing that we advise if you want to stay away from ransomware and other threats, is to keep away from file-sharing sites because they may contain malicious files disguised as various installers.

The malware should encrypt all files except data with the following extensions if it gets in: .bin, .bmp, .cab, .chm, .dat, .dll, .exe, .iso, .lib, .log, .msi, .ocx, .pbk, .pol, .sdi, .sys, .tmp, and .wim. Once encrypted, the targeted files should be marked with the extension that we mentioned in the beginning of this article. 5ss5c Ransomware should also create a Registry entry in a specific directory that is mentioned in the removal instructions below so that it would be reloaded after each system restart. Our specialists say that it might also try to block some processes; most likely to make it more difficult to detect or erase the malware. At last, 5ss5c Ransomware should create a ransom note. Its title and the text inside of it should be written in Chinese, but if a computer does not have this language, its user may see random characters. Translated into English, the malware’s note says that users who want to decrypt their files have to contact the threat’s creators and pay ransom in 48 hours.

Getting a decryptor from the malware’s creators might be your only chance to get your data back. However, it is crucial to understand that even if you put up with the hackers’ demands, you could still end up with nothing. Cybercriminals may promise anything to convince you to pay, but there are no reassurances that they will hold on to their end of the deal. If risking your savings for a possibility to get a decryptor does not sound good to you, we advise not to put up with any demands. We also recommend deleting 5ss5c Ransomware so it would not cause you more trouble. You could use our deletion instructions located below or you could employ a reliable security tool that would eliminate 5ss5c Ransomware for you.

Get rid of 5ss5c Ransomware

1. Tap Ctrl+Alt+Delete.
2. Pick Task Manager.
3. Check the Processes tab and identify a process belonging to the malicious application.
4. Choose it and press the End Task button.
5. Close Task Manager.
6. Press Win+E.
7. Go to the listed paths:
   %USERPROFILE%\Desktop
   %USERPROFILE%\Downloads
   %TEMP%
8. Locate a file that could be the ransomware’s launcher, right-click it, and choose Delete.
9. Navigate to: C:\ProgramData
10. Look for a malicious folder called 5ss5c_token, right-click it, and select Delete.
11. Find files named _如何解密我的文件_.txt, right-click them and choose Delete.
12. Close File Explorer.
13. Press Win+R.
14. Type Regedit and click OK.
15. Find this particular path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
16. Locate a value name titled 5ss5cStart, right-click it and select Delete.
17. Leave Registry Editor.
18. Empty Recycle Bin.
19. Reboot the computer.