The first week of November 2018 saw a new cyberthreat on the block. The threat has been identified as ransomware that goes by the name of Sicck Ransomware. More interestingly, it seems to be associated with RaaS, or ransomware as a service. RaaS is the latest cybercriminal strategy, in which cybercriminals purchase ransomware from another group of cybercriminals on underground cybercriminal forums.
Like other standard ransomware, Sicck Ransomware stealthily enters its victims' PCs and begins its machinations to make them inaccessible. Security experts who have been involved in its removal claim that it can infect any Windows operating system, including XP, Vista, 7, 8, 8.1, and even the latest 10! Likewise, users who use the internet irresponsibly should realize that the ransomware can easily infect mainstream web browsers like Mozilla Firefox, Google Chrome, Internet Explorer, etc.
The ransomware has been known to make use of several encryption mechanisms. Many of these mechanisms are open source, i.e. their code is available online. Such code is made available for educational purposes, to teach cybersecurity students and professionals. Unfortunately, cybercriminals sometimes (as in this case) make a mockery of such initiatives.
Security professionals discovered two major encryption mechanisms during ransomware removal: 2048-bit RSA and 256-bit AES. The ransomware is deemed perilous because it carries tools to disable ransomware removal tools and firewalls. Afterward, it modifies the system's settings. As a result, the performance of the PC is heavily affected.
In the end, it starts the encryption process. All types of user files, including multimedia, text files, and IT files, are encrypted by the ransomware. The encrypted files carry a unique extension at the end of their filenames, which marks their locked state. Generally, the filename follows this format: [developer’s_email]original_filename.sicck
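A triage helper for the naming format above, as an added example that is not from the original article: it reads a file listing, extracts the contact address and original file name from each renamed file, and groups the hits by folder so responders can scope the damage. The regular expression's reading of the bracketed part as one e-mail-like token, the function names and the sample paths are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Format given in the article: [developer's_email]original_filename.sicck
# Assumption: the bracketed part is a single e-mail-like token (no spaces/brackets).
SICCK_NAME = re.compile(
    r"^\[(?P<contact>[^\[\]\s]+@[^\[\]\s]+)\](?P<original>.+)\.sicck$",
    re.IGNORECASE,
)

def parse_sicck_name(path):
    """Return (contact, original_filename) if the file name matches, else None."""
    name = PureWindowsPath(path).name  # parses Windows paths on any host OS
    m = SICCK_NAME.match(name)
    return (m.group("contact"), m.group("original")) if m else None

def triage(paths):
    """Split a listing into renamed files (grouped by folder) and everything else."""
    report = {"contacts": set(), "by_dir": defaultdict(list), "unmatched": []}
    for p in paths:
        parsed = parse_sicck_name(p)
        if parsed is None:
            report["unmatched"].append(p)
            continue
        contact, original = parsed
        report["contacts"].add(contact)
        report["by_dir"][str(PureWindowsPath(p).parent)].append(original)
    return report

# Constructed sample listing (not real indicators).
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\[contact@example.invalid]budget.xlsx.sicck",
    r"C:\Users\alice\Documents\[contact@example.invalid]notes.txt.sicck",
    r"C:\Users\alice\Pictures\[contact@example.invalid]holiday.jpg.sicck",
    r"C:\Users\alice\Documents\report.docx",      # untouched file
    r"C:\Users\alice\Documents\music.sicck",      # extension only, no [email] prefix
    r"C:\Users\alice\Documents\[draft]plan.txt",  # brackets, but not .sicck
]

if __name__ == "__main__":
    result = triage(SAMPLE_PATHS)
    print("contact addresses:", sorted(result["contacts"]))
    for folder, names in result["by_dir"].items():
        print(f"{folder}: {len(names)} renamed file(s): {names}")
    print("not matching the format:", len(result["unmatched"]))
```

Files that carry only the .sicck extension without the bracketed prefix are reported as unmatched rather than counted as hits, so the output stays tied to the exact format the article describes.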