Sicck Ransomware is somewhat similar to WannaCry Ransomware, the vicious threat that infected many devices worldwide in 2017. This newer malicious application exploits the same system vulnerabilities to enter the computer and encrypts the files located on it with a secure encryption algorithm. Unfortunately, the affected files become unusable, and the threat’s ransom note might offer decryption tools in exchange for 1 Bitcoin, which currently is a bit more than 6 thousand US dollars. Needless to say, we would not recommend taking any chances when the price is so high, because Sicck Ransomware’s developers may not deliver the decryption tools even if they promise to. Moreover, all encrypted data can be restored from backup copies if the victim has any. For more information, we advise reading the rest of this report. If you decide to remove the malware, do not forget to check the deletion instructions located below.
It is believed that Sicck Ransomware is spread via infected email attachments and malicious software installers, meaning the computer could get infected after launching a questionable file downloaded from the Internet. Moreover, our specialists say the threat can spread inside a network by using the same SMB exploit that was used in the WannaCry Ransomware attacks. The only good news is that the exploit works only on old machines with outdated operating systems, so it is likely to affect only a small number of users. Thus, one way to protect the computer from this malicious application is to update your operating system. Additionally, we recommend keeping away from unreliable file-sharing sites and untrustworthy installers. If you receive suspicious email attachments from unknown senders, we advise not opening them before scanning them with a reliable security tool.
If Sicck Ransomware enters the system, it should drop a malicious file called Sicck.exe in the %HOMEDRIVE% directory. Our specialists say it is needed for the encryption process, which means that once it appears, the malicious application should start encrypting the user’s data. All affected files are renamed in a specific manner: for example, a file called panda.jpg would turn into [sicck@protonmail.com]panda.jpg.sicck. The next step is to display a ransom note, which should be provided in a text document called How__to__decrypt__files.txt. Inside it, Sicck Ransomware’s victims should find a message saying they have to pay one Bitcoin to receive decryption tools. The hackers may even offer to decrypt up to three files for free to prove they can do it. Still, that does not show they will keep their word, which means paying the ransom is a risk. In this case, it could be a huge risk given that the price is so high.
If you are not planning on paying the ransom and risking your savings, we advise you to eliminate Sicck Ransomware. It can be removed either manually or with automatic features, so you can pick the method you like. If you think you can handle the task, you could use the deletion instructions available below, which explain how to erase this threat manually. In case the process looks too challenging, we advise installing a reliable antimalware tool of your choice.
# | File Name | File Size (Bytes) | File Hash |
---|---|---|---|
1 | sicck dropper.exe | 2664448 bytes | MD5: 24bf2e26a150df152869e417ada736d2 |
2 | Sicck.exe | 161280 bytes | MD5: dfec0c6ce91e2c48821d4933a8bfccf3 |
3 | How__to__decrypt__files.txt | 1492 bytes | MD5: 1ff0ecf147b1f15787e2658ca8f5ba1e |

# | Process Name | Process Filename | Main module size |
---|---|---|---|
1 | sicck dropper.exe | sicck dropper.exe | 2664448 bytes |
2 | Sicck.exe | Sicck.exe | 161280 bytes |
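A read-only triage scan built from the indicators in this report: the renaming scheme, the Sicck.exe and ransom note file names, and the sizes and MD5 hashes in the table above. This is an added example, not code from the original report; the function names `scan` and `md5_of` and the finding labels are illustrative assumptions.

```python
import hashlib
import os
import re

# Indicators from this report: sample size in bytes -> MD5 of that sample.
KNOWN_SAMPLES = {
    2664448: "24bf2e26a150df152869e417ada736d2",  # sicck dropper.exe
    161280: "dfec0c6ce91e2c48821d4933a8bfccf3",   # Sicck.exe
    1492: "1ff0ecf147b1f15787e2658ca8f5ba1e",     # How__to__decrypt__files.txt
}
# File names from the report, lowercased; the labels are assumptions.
ARTIFACT_NAMES = {"sicck.exe": "payload_name",
                  "how__to__decrypt__files.txt": "ransom_note_name"}
# Renaming scheme from the report: [sicck@protonmail.com]<original name>.sicck
RENAMED = re.compile(r"^\[sicck@protonmail\.com\](?P<orig>.+)\.sicck$", re.I)


def md5_of(path):
    """MD5 of a file, read in chunks (MD5 only because the report lists MD5)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(root, known=KNOWN_SAMPLES):
    """Walk root without modifying it; return sorted (kind, path, detail)."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            match = RENAMED.match(name)
            if match:  # encrypted user file; detail is its original name
                findings.append(("encrypted_file", path, match.group("orig")))
                continue
            kind = ARTIFACT_NAMES.get(name.lower())
            if kind:
                findings.append((kind, path, name))
            try:
                # Hash only files whose size equals a known sample's size.
                expected = known.get(os.path.getsize(path))
                if expected and md5_of(path) == expected:
                    findings.append(("known_hash", path, expected))
            except OSError:
                continue  # unreadable or vanished file: skip it
    return sorted(findings)
```

The `encrypted_file` findings double as an inventory of original file names to restore from backup, and a `known_hash` hit is stronger evidence than a name match because file names are trivial to change.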