Shifr Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 2
First Seen: April 25, 2017
Last Seen: October 18, 2019
OS(es) Affected: Windows

The Shifr Ransomware is a threat designed to encrypt victims' data, making it inaccessible, so that victims can be forced to pay a ransom to recover it. After encrypting the victim's files, the Shifr Ransomware delivers a ransom note in the form of an HTML file named 'HOW_TO_DECRYPT_FILES,' demanding that the victim pay 0.1 Bitcoin (approximately $130 USD at the current exchange rate) to recover the files. Ransomware Trojans like the Shifr Ransomware use strong encryption algorithms such as RSA-2048 and AES-256 to make the victim's files inaccessible to anyone without the decryption key. Since 2015, there has been a marked rise in both the number of ransomware Trojan attacks and the sophistication of these threats.

You can't Access the Files Compromised by the Shifr Ransomware

The Shifr Ransomware carries out an effective attack on the victim's computer by blocking access to the victim's files until the ransom amount is paid. The Shifr Ransomware is being distributed through spam email messages aimed at computer users in Western Europe and the United States specifically. The Shifr Ransomware is not based on some of the commonly used open source ransomware projects like EDA2 or HiddenTear and seems to be a stand-alone project.

Once the Shifr Ransomware enters the victim's computer, it will begin encrypting the victim's files, targeting all files on the local drives, as well as on removable memory devices connected to the infected computer. The Shifr Ransomware will target numerous file types in its attack, including the files with the following extensions:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The Shifr Ransomware marks the files encrypted in the attack with the file extension '.shifr,' making it simple to know which files have been affected by the attack. The files encrypted by the Shifr Ransomware will no longer be accessible and show up as blank, unrecognized icons in Windows Explorer. The Shifr Ransomware delivers its HTML ransom note to the victim's desktop, and the file may be opened with the default Web browser on the infected computer. The following is part of the text of the Shifr Ransomware's ransom note:

'Your files have been encrypted! To decrypt your files, send 0.1 Bitcoin to this address:
[RANDOM CHARACTERS]
After your payment is complete. You can decrypt files with decryption program. Download decryption program here.
Decryption key. Not paid yet.
FAQ:
Question: Where can I get Bitcoin wallet?
Answer: Simple and easy to use wallet.
Question: Where can I buy Bitcoins?
Answer: Guide to various methods of buying Bitcoin.'

Dealing with a Shifr Ransomware Infection

The files that have been encrypted by the Shifr Ransomware will no longer be accessible without the decryption key. Some computer users may consider the possibility of paying for the decryption key to recover some files that could be irreplaceable. However, PC security researchers strongly advise against this, since these people may ignore the ransom payment or continue extorting the victims, and because paying the Shifr Ransomware ransom finances these activities, allowing these people to continue creating ransomware Trojans. Instead, PC security analysts recommend that computer users have file backups and a reliable security program to be fully protected from the Shifr Ransomware and similar attacks.
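
The two on-disk indicators described above, the '.shifr' marker extension and the 'HOW_TO_DECRYPT_FILES' HTML note, are enough to scope which directories were hit before restoring from backup. The Python script below is an added example, not part of the original article; it assumes the marker is appended after the original extension and that the note ends in .html or .htm, neither of which the article states, and the function names are illustrative.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER_EXT = ".shifr"               # extension the article says marks encrypted files
NOTE_STEM = "how_to_decrypt_files"  # ransom note name given in the article
NOTE_EXTS = {".html", ".htm"}       # assumption: the article only says "an HTML file"

def triage(root):
    """Walk root; return (encrypted_files, ransom_notes, per_directory_counts)."""
    encrypted, notes, per_dir = [], [], Counter()
    # Unreadable directories are skipped; symlinked directories are not followed.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            suffix = path.suffix.lower()  # compare case-insensitively, as Windows does
            if suffix == MARKER_EXT:
                encrypted.append(path)
                per_dir[dirpath] += 1
            elif path.stem.lower() == NOTE_STEM and suffix in NOTE_EXTS:
                notes.append(path)
    return encrypted, notes, per_dir

def original_type(path):
    """Assumption: marker is appended (report.docx.shifr). Return '.docx' or ''."""
    return Path(Path(path).stem).suffix.lower()

def summarize(root):
    """Condense triage() into counts an incident responder can act on."""
    encrypted, notes, per_dir = triage(root)
    return {
        "encrypted": len(encrypted),
        "notes": len(notes),
        "by_type": Counter(original_type(p) or "<unknown>" for p in encrypted),
        "worst_dir": per_dir.most_common(1)[0][0] if per_dir else None,
    }

if __name__ == "__main__":
    # Constructed sample tree (not real victim data) so the script runs offline.
    with tempfile.TemporaryDirectory() as tmp:
        docs, desk = Path(tmp, "Documents"), Path(tmp, "Desktop")
        docs.mkdir(); desk.mkdir()
        for name in ("report.docx.shifr", "budget.xlsx.SHIFR", "notes.txt"):
            (docs / name).write_bytes(b"\x00")
        (desk / "HOW_TO_DECRYPT_FILES.html").write_text("constructed note")
        print(summarize(tmp))
```

Running `summarize()` against a read-only mount or a forensic copy of the affected volume keeps file timestamps intact for later analysis.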
