5H311 1NJ3C706 Ransomware

5H311 1NJ3C706 Ransomware was titled after the extension it adds to all of its encrypted files. Once it enciphers them with a strong encryption algorithm, the malicious application should show a ransom note asking to make a payment if the user wishes to decrypt his data. However, the mentioned sum suggests the malware could be still in the development stage as it seems ridiculously huge. If you continue reading our article, we will present more details about 5H311 1NJ3C706 Ransomware. Also, in case it is being distributed we will place instructions showing how to get rid of the malicious application manually. Nonetheless, keep it in mind if the process looks too tricky it can be eliminated with a chosen antimalware tool too. Also, if there is anything else you would like to ask about the threat you can leave a comment below the text.

In the beginning, it would be a good idea to explain how 5H311 1NJ3C706 Ransomware could be distributed, even though we are not sure if it is being spread yet. Some ransomware applications infect systems by exploiting various vulnerabilities, such as weak passwords or outdated software on the victim’s computer, but probably even more of them enter the system through malicious email attachments. Usually, the message that comes with the infected email attachment claims it is important to open it fast or says it is something shocking to make the user feel curious. Naturally, to be cautious, you should not open such documents or at least check them with a reliable antimalware tool first. Also, threats like 5H311 1NJ3C706 Ransomware can be distributed with various installers offered on P2P file sharing websites or similar web pages, so if you want to keep your system protected you should try to stay away from such sites.

Our researchers tell the malicious application does not add any new data on the computer after infecting it. Meaning, the only data associated with it should be the suspicious file that was either recently downloaded by the user or dropped by 5H311 1NJ3C706 Ransomware. Moreover, because of it, the encryption process might start immediately after the malware enters the system. During it, the threat might encrypt user’s documents, photos, archives, videos, or other private files. Such data should be marked with an additional extension called .5H311 1NJ3C706, for example, an image titled kittens.jpg should become kittens.jpg.5H311 1NJ3C706. After all of the files, the malicious application is programmed to lock are affected, it should display a window with a ransom note that cannot be closed by pressing its X button. Instead, users could kill the threat’s process via Task Manager as shown in the removal instructions and the window should disappear.

On the malware’s window users might see a message asking to transfer 300 Bitcoin to a provided Bitcoin wallet address. The sum is as we said ridiculous as at the moment of writing one Bitcoin is more than six thousand US dollars, so you can imagine what the ransom would be if you convert 300 Bitcoin to US dollars. This suggests 5H311 1NJ3C706 Ransomware could be still in the development stage, which means once it is finally finished the hackers would most likely change the price to a more affordable one.

The good news is even if you got infected by this version of 5H311 1NJ3C706 Ransomware (we cannot know if there will not be other variants), you should be able to decrypt your files without paying anything. Our researchers found a password on the malware’s code that unlocks all affected files when submitted to the box placed below the Submit Key button on the threat’s window. The code is 666HackerThn. After you decrypt your data with it, we would recommend removing the malicious application while following the instructions we added below the text or with a reliable antimalware tool of your preferences.

Erase 5H311 1NJ3C706 Ransomware

1. Tap Ctrl+Alt+Delete.
2. Launch Task Manager.
3. Look for the infection’s process.
4. Select the malicious process and press End Task.
5. Leave the Task Manager.
6. Click Win+E.
7. Find these locations:
   %TEMP%
   %USERPROFILE%\desktop
   %USERPROFILE%\downloads
8. Look for the malware’s installer, then right-click it and press Delete.
9. Exit File Explorer.
10. Empty Recycle bin.
11. Restart the system.