
Shark01@msgden.com Ransomware

By GoldSparrow in Ransomware

The Shark Ransomware, also known as the Shark01@msgden.com Ransomware because of its associated email address, is a ransomware Trojan from the CryptMix family of ransomware. The Shark Ransomware campaign first appeared on September 20, 2017. The Shark Ransomware is simply the latest in a line of several ransomware variants in the CryptMix family, using a different set of Command and Control servers than its predecessor (a way to continue carrying out these attacks as PC security researchers blacklist the IP addresses previously associated with this threat). The Shark Ransomware may be delivered via email spam attachments, typically in the form of a Microsoft Word file with enabled macro scripts that download and install the Shark Ransomware on the victim's computer. Like other encryption ransomware Trojans, the purpose of the Shark Ransomware is to encrypt the victim's files to make them inaccessible and then demand the payment of a ransom in exchange for the decryption key that is needed to restore the affected files.

How this Shark will Attack a Computer and Encrypt Your Files

The Shark Ransomware will scan the victim's computer in search of certain file types, then create a list of the files to be encrypted. The Shark Ransomware will target user-generated files in an attempt to disrupt the victim's activities, while still retaining the operating system's functionality so that the victim can read a ransom note and carry out an online payment. Some examples of the file types that the Shark Ransomware will target in its attack include:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The files encrypted by the attack will be renamed, with the file's name replaced with 32 random characters followed by the file extension '.SHARK'. Once the Shark Ransomware has encrypted the files, Windows Explorer will no longer recognize them and they will show as blank icons.

The Shark Ransomware Ransom Demand

After the Shark Ransomware encrypts the victim's files, it demands a ransom payment. The Shark Ransomware drops text files on the victim's computer in the Downloads library, desktop, and other locations. Each of these files is named 'HELP_INSTRUCTION.TXT' and is identical to the ones observed in other CryptMix variants. The full text of the Shark Ransomware ransom note reads:

'Hello!
Attention! All Your data was encrypted!
For specific information, please send us an email with Your ID number:
shark01@msgden.com
shark02@techmail.info
shark003@protonmail.com
We will help You as soon as possible!
'DECRYPT-ID-[8 CHARACTERS]-[4 CHARACTERS]-[4 CHARACTERS]-[4 CHARACTERS]-[12 CHARACTERS] number'
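
The indicators described above (32-character file names ending in '.SHARK', the 'HELP_INSTRUCTION.TXT' note and its DECRYPT-ID line) can be checked for when scoping an infection. The following Python is an added example, not code from the original article; the character classes, the function names `triage` and `build_sample_tree`, and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Indicators taken from the article; the character classes are assumptions,
# since the article only says "random characters" and "[N CHARACTERS]".
ENCRYPTED_NAME = re.compile(r"^[A-Za-z0-9]{32}\.SHARK$", re.IGNORECASE)
NOTE_NAME = "help_instruction.txt"
VICTIM_ID = re.compile(
    r"DECRYPT-ID-([A-Za-z0-9]{8}(?:-[A-Za-z0-9]{4}){3}-[A-Za-z0-9]{12})")
CONTACTS = ("shark01@msgden.com", "shark02@techmail.info",
            "shark003@protonmail.com")

def triage(root):
    """Walk root and report renamed files, ransom notes and victim IDs."""
    report = {"encrypted": [], "notes": [], "victim_ids": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if ENCRYPTED_NAME.match(name):
                report["encrypted"].append(path)
            elif name.lower() == NOTE_NAME:
                try:
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read(65536)  # notes are small; cap the read
                except OSError:
                    continue  # unreadable file: skip it and keep scanning
                # Count the note only if its content matches, so an unrelated
                # file that merely shares the name is not flagged.
                ids = VICTIM_ID.findall(text)
                if ids or any(c in text.lower() for c in CONTACTS):
                    report["notes"].append(path)
                    report["victim_ids"].update(ids)
    return report

def build_sample_tree(root):
    """Constructed sample data: one renamed file, one note, one clean file."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    open(os.path.join(docs, "A1B2C3D4E5F60718293A4B5C6D7E8F90.SHARK"), "wb").close()
    open(os.path.join(docs, "budget.xlsx"), "wb").close()
    with open(os.path.join(root, "HELP_INSTRUCTION.TXT"), "w") as fh:
        fh.write("Your ID number:\nshark01@msgden.com\n"
                 "DECRYPT-ID-0a1b2c3d-4e5f-6a7b-8c9d-0e1f2a3b4c5d number\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

Run against a mounted copy of the affected volume rather than the live system, and compare the list of renamed files with the backup inventory to decide what has to be restored.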

PC security researchers advise computer users to avoid paying the Shark Ransomware ransom amount since this allows these people to continue creating and developing threats. It is also very unlikely that they will keep their word and help the victims recover their files after an attack. They are just as likely to ignore the victims, ask for more money, or target them for future attacks (since they have already demonstrated that they are willing to pay the ransom).

Preventing a Shark Ransomware Attack

The best protection PC users can have against the Shark Ransomware is file backups kept in places that the threat cannot reach. Having backup copies of your files means that you can recover from a Shark Ransomware attack without having to pay a ransom. Computer users should also learn to spot the tactics used to deliver the Shark Ransomware and take precautions when dealing with unsolicited emails, and with email file attachments specifically.
