Sicck Ransomware Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 872
Category: Trojans

Sicck Ransomware is somewhat similar to the vicious threat known as WannaCry Ransomware that infected many devices worldwide in 2017. This newer malicious application exploits the same system vulnerabilities to enter the computer and encrypts files located on it by applying a secure encryption algorithm. Unfortunately, files affected by it become unusable and to get them back the threat’s ransom note might offer decryption tools in exchange for paying 1 Bitcoin, which currently is a bit more than 6 thousand US dollars. Needless to say, we would not recommend taking any chances when the price is so high. Sicck Ransomware’s developers may not deliver the decryption tools even if they promise so. Not to mention, all encrypted data can be restored from backup copies if the victim has any. For more information, we would advise reading the rest of this report. Also, if you decide to remove the malware, do not forget to check the deletion instructions located below.

It is believed that Sicck Ransomware is spread via infected email attachments and malicious software installers. Meaning, the computer could get infected after launching some questionable file downloaded from the Internet. Moreover, our specialists say, the threat can spread inside a network by using the same SMB exploit that was used in WannaCry Ransomware attacks. The only good news is the exploit works only on old machines with outdated operating systems, which means it is likely it can affect only a small number of users. Thus, one of the ways to protect the computer from this malicious application is to update your operating system. Additionally, we would recommend keeping away from unreliable file-sharing sites and untrustworthy installers. Also, if you receive any suspicious email attachments from unknown senders, we would advise not to open them before scanning such data with a reliable security tool.

Provided, Sicck Ransomware enters the system it should drop a malicious file called Sicck.exe in the %HOMEDRIVE% directory. Our specialists say it is needed for the encryption process, which means once it appears the malicious application should start encrypting user’s data. All affected files are renamed in a specific manner, for example, a file called panda.jpg would turn into []panda.jpg.sicck. The next step is to display a ransom note which should be provided on a text document called How__to__decrypt__files.txt. Inside of it Sicck Ransomware’s victims should find a message saying they have to pay one Bitcoin to receive decryption tools. The hackers may even offer to decrypt up to three files for free to prove they can do it. Still, it does not show they will hold on to their word, which means paying a ransom is a risk. In this case, it could be a huge risk given the price is so high.

If you are not planning on paying the ransom and risking your savings we advise you eliminate Sicck Ransomware. It can be removed either manually or with automatic features, so you can pick a method you like. If you think you can handle the task, you could use the deletion instructions available below that will explain how to erase this threat manually. In case the process looks too challenging we would advise installing a reliable antimalware tool of your choice.

Get rid of Sicck Ransomware

  1. Click Ctrl+Alt+Delete.
  2. Select Task Manager.
  3. Locate a process related to the malware.
  4. Mark it and press End Task.
  5. Exit Task Manager.
  6. Open File Explorer (Win+E).
  7. Go to these locations separately:
  8. Search for a suspicious file that might be the malware’s installer; right-click it and select Delete.
  9. Then go to %HOMEDRIVE%
  10. Find an executable file named Sicck.exe and a text file called How__to__decrypt__files.txt.
  11. Right-click these files separately and select Delete.
  12. Exit the Explorer.
  13. Empty Recycle bin.
  14. Reboot the device.
Download Remover for Sicck Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

Sicck Ransomware Screenshots:

Sicck Ransomware

Sicck Ransomware technical info for manual removal:

Files Modified/Created on the system:

# File Name File Size (Bytes) File Hash
1How__to__decrypt__files.txt1492 bytesMD5: 1ff0ecf147b1f15787e2658ca8f5ba1e
2sicck dropper.exe2664448 bytesMD5: 24bf2e26a150df152869e417ada736d2
3Sicck.exe161280 bytesMD5: dfec0c6ce91e2c48821d4933a8bfccf3

Memory Processes Created:

# Process Name Process Filename Main module size
1sicck dropper.exesicck dropper.exe2664448 bytes
2Sicck.exeSicck.exe161280 bytes

Comments are closed.