Click on screenshot to zoom
Danger level 6
Type: Trojans

Sicck Ransomware

Photos, family videos, work documents, file archives, and various other kinds of files might be encrypted by Sicck Ransomware if this malicious threat finds its way into your operating system. The infection, according to our researchers, is most likely to be introduced to Windows users via file attachments sent via misleading spam emails. If the infection corrupts a computer that is part of a larger network, it can scan that network to see if other vulnerable computers exist. Specifically, the infection looks for outdated systems with a Shadow Brokers SMB vulnerability. It can be exploited by the ransomware to spread inside the network. It has been used for the attacks of the well-documented WannaCry Ransomware as well. Of course, there is no need to explain that deleting Sicck Ransomware is important, but if you do not know what you need to do before that, you should continue reading. In this report, you will also find useful information on the different removal methods you could employ.

The goal that the creator of Sicck Ransomware has is to trick the victim of the infection into thinking that they can purchase a decryptor/decryption key. During the encryption, the ransomware modifies the files to make them unreadable, and it also changes their names. While the original name and extension remain, they are sandwiched by two extensions created by the infection. The first one - [] – is put at the front, and the second one – .sicck – is appended at the end. There is nothing you can do manually to restore these files back to normal. If you have backups online or on external drives – which is your only option of “recovering” them – you want to delete the copies corrupted by Sicck Ransomware, remove the infection itself, and then, if you need it, transfer the backup copies onto the clean computer. Unfortunately, victims who do not have backups might think that they can recover files by paying the ransom requested by the infection’s developer.

The ransom is set at 1 Bitcoin. During the extent of our analysts, 1 BTC converted to around 4000 US Dollars. That is not the kind of money you want to waste, do you? Unfortunately, you would be wasting it by paying the ransom. The developer of Sicck Ransomware requests the ransom via a file named “How__to__decrypt__files.txt.” The request is represented in English, Chinese, and Korean, which suggests that the attackers are ready to target Windows users all over the world. The ransom note instructs to send the ransom in 3 days to a dedicated Bitcoin Wallet (3QxVmxcyVcqDpuVJ8QTSy83BbWvZvCoYcV). So far, no one has transferred money, which is good news. If you were the pay the ransom, you would also be asked to email and for confirmation, which would expose your email address too! Without a doubt, we do not recommend getting involved. Cyber attackers have malicious intentions only, and their promises to decrypt files are, most likely, empty. Unfortunately, it appears that the only thing you can do is remove Sicck Ransomware.

The instructions you can see below are designed to help you understand the manual Sicck Ransomware removal process. As you can see, we cannot give you the exact name or location of the file that executes the threat, and that is because this is pretty random. The filename can be unique in every case, and the location depends on where, for example, you open email attachments. If you are inexperienced, deleting Sicck Ransomware manually might be quite challenging. The good news is that you do not actually need to remove the threat manually.

Instead, you can use anti-malware software. Reliable and legitimate software can automatically erase all existing threats and ensure that you do not leave anything behind by accident. That is definitely something you need to think about if you proceed with manual removal. While the ease of removal is definitely a good reason to install anti-malware software, it is most useful in terms of protection against malware attacks in the future. If you do not want to deal with ransomware and other threats in the future, go ahead and install trustworthy anti-malware software ASAP.

Sicck Ransomware Removal

  1. Right-click and Delete the .exe file that launched the infection.
  2. Right-click and Delete the files created by the ransomware in %HOMEDRIVE%:
    • Sicck.exe
    • How__to__decrypt__files.txt
  3. Empty Recycle Bin.
  4. Install a malware scanner and run it to have your operating system checked for malware leftovers.
Download Spyware Removal Tool to Remove* Sicck Ransomware
  • Quick & tested solution for Sicck Ransomware removal.
  • 100% Free Scan for Windows


  1. Ramonita Jan 17, 2019

    I am sure this post has touched all the internet viewers,
    its really really nice post on building up new web site.
    I could not resist commenting. Very well written! I could not refrain from commenting.
    Exceptionally well written!

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.