
5ss5c Ransomware

Posted: January 15, 2020

The 5ss5c Ransomware is a file-locking Trojan that extorts money from Chinese-speaking victims by attacking their digital media. It is an update of the earlier DBGer Ransomware with predominantly cosmetic changes. Users should still protect themselves in the same way: by backing up their work safely and keeping anti-malware solutions that can detect and remove 5ss5c Ransomware installations.

Chinese Trojans Getting Revamps

A remodel of the Satan Ransomware RaaS (Ransomware-as-a-Service) family is starting to circulate throughout China. The 5ss5c Ransomware comes from the same project that birthed variants like the DBGer Ransomware and carries with it a similar preference for extorting Eastern victims. The Trojan's ransom fees remain incredibly high, which speaks either to the expectations of the family's threat actor or to their means of targeting victims with well-furnished finances.

Samples of the 5ss5c Ransomware use fake, text file-based names and an executable packer to obfuscate their identities; their circulation strategies are unknown. After compromising a Windows PC, the 5ss5c Ransomware starts an encryption routine that uses AES to convert documents and similar files into 'hostage' content. The '5ss5c' label refers to the extensions that the Trojan adds, as well as to the Russian e-mail address for negotiations.

Despite the executable-packing protection, the 5ss5c Ransomware is identifiable by many brands of anti-malware products. Blocking the 5ss5c Ransomware preemptively is still the best solution against its attacks. Malware experts continue to see no freeware decryptors for it, and the Trojan's ransom of one to two Bitcoins – thousands of dollars – is well beyond what most individuals and smaller businesses can reasonably afford.

Sparing Yourself Unnecessary Data Recovery Expenses

As is tradition with its family, the 5ss5c Ransomware delivers Chinese-language ransom notes in Notepad TXT format. Aside from their language and price, such ransom notes convey few details that separate the 5ss5c Ransomware from similar Trojans. Victims should stay fully aware of the dangers of making payments to criminals, who can accept the cryptocurrency, refuse the service, and suffer no penalties for doing so.

Some self-defenses users can implement to protect their media include disabling document and spreadsheet macros, turning off Flash and JavaScript in their browsers, updating all software when appropriate, using secure passwords, and securing RDP and port settings. Failing to do so invites attacks of opportunity by file-locker Trojan campaigns. In most cases, victims either infect their systems through their own actions or maintain unsafe environments that facilitate attacks by port scanners and other hacking tools.

Anti-malware services should, however, prove as useful as always against the 5ss5c Ransomware, and most vendors' products will properly flag and delete 5ss5c Ransomware infections.

Although most samples of file-locker Trojans are geographically indiscriminate, exceptions do occur. The 5ss5c Ransomware is one that has freshly risen from its grave for Chinese Web surfers and businesses, showing that no amount of border-based cyber-security can entirely stop a Ransomware-as-a-Service from thriving.
