Sherminator Ransomware Description
File-encryption Trojans are special cyber-threats due to their ability to cause long-term damage that cannot be reversed by running an anti-virus tool and removing the infection. Even after a piece of ransomware is removed, the file it had encrypted previously will still be impossible to use. Sadly, this makes ransomware projects very profitable for cybercriminals, and this is why we keep seeing new file-lockers like the Sherminator Ransomware.
This file-locker is not new entirely as it shares a lot of similarities with the Mr.Dec Ransomware that was first analyzed in the summer of 2018. Sadly, a decryptor for neither of these is available at the moment, and their victims will be able to recover their files from a backup only. If you suspect that the Mr.Dec Ransomware or the Sherminator Ransomware have taken your files hostage, and you do not have a backup copy of your files, then you might be in a lot of trouble.
The Sherminator Ransomware Authors are Likely to Ask for Money
It is likely that the Sherminator Ransomware is being delivered to potential victims via bogus email attachments that are disguised as documents or archives. The best way to avoid harmful files is to use an anti-virus tool, as well as to avoid downloading files from shady sources. If you do not manage to stop the Sherminator Ransomware attack, then the file-locker will make sure to encrypt the majority of the documents, videos, photos, archives, and other files found on your computer. Victims of the Sherminator Ransomware may also notice that their encrypted files have had a unique extension appended to their name – ‘.[ID]
Just like any other file-locker, this one also finalizes the attack by creating a ransom note. It uses the file ‘Decoder.hta' for this purpose, and the file contains the email addresses that the attackers use for contact – email@example.com and firstname.lastname@example.org. While the ‘Decoder.hta' file does not mention money, you can rest assured that the crooks behind the Sherminator Ransomware will not provide any decryption services free of charge.
It is advisable not to contact any of the email addresses that the attackers use because they will extort you for money by promising to provide you with a decryption tool. Their words cannot be trusted, and if you end up paying them, you may lose both your files and your money. Our suggestion is to use an anti-virus engine to remove the malicious program, and then restore your files from a backup or use different data recovery means.
Do You Suspect Your PC May Be Infected with Sherminator Ransomware & Other Threats? Scan Your PC with SpyHunterSpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Sherminator Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Security Doesn't Let You Download SpyHunter or Access the Internet?Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.