
Sherminator Ransomware

File-encryption Trojans stand out among cyber-threats because they cause long-term damage that cannot be reversed by running an anti-virus tool and removing the infection. Even after a piece of ransomware is removed, the files it encrypted will still be impossible to use. Sadly, this makes ransomware projects very profitable for cybercriminals, and this is why we keep seeing new file-lockers like the Sherminator Ransomware.

This file-locker is not entirely new, as it shares a lot of similarities with the Mr.Dec Ransomware that was first analyzed in the summer of 2018. Sadly, no decryptor is available for either of them at the moment, and their victims will be able to recover their files from a backup only. If you suspect that the Mr.Dec Ransomware or the Sherminator Ransomware has taken your files hostage, and you do not have a backup copy of your files, then you might be in a lot of trouble.

The Sherminator Ransomware Authors are Likely to Ask for Money

It is likely that the Sherminator Ransomware is being delivered to potential victims via bogus email attachments that are disguised as documents or archives. The best way to avoid harmful files is to use an anti-virus tool, as well as to avoid downloading files from shady sources. If you do not manage to stop the Sherminator Ransomware attack, then the file-locker will make sure to encrypt the majority of the documents, videos, photos, archives, and other files found on your computer. Victims of the Sherminator Ransomware may also notice that their encrypted files have had a unique extension appended to their name – ‘.[ID][ID].'

Just like any other file-locker, this one also finalizes the attack by creating a ransom note. It uses the file ‘Decoder.hta' for this purpose, and the file contains the email addresses that the attackers use for contact – and While the ‘Decoder.hta' file does not mention money, you can rest assured that the crooks behind the Sherminator Ransomware will not provide any decryption services free of charge.

It is advisable not to contact any of the email addresses that the attackers use, because they will extort you for money by promising to provide you with a decryption tool. Their words cannot be trusted, and if you end up paying them, you may lose both your files and your money. Our suggestion is to use an anti-virus engine to remove the malicious program, and then restore your files from a backup or use other data recovery means.

