Shifr Ransomware
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 2
First Seen: April 25, 2017
Last Seen: October 18, 2019
OS(es) Affected: Windows
The Shifr Ransomware is a threat designed to encrypt victims' data, making it inaccessible, in order to force victims to pay a ransom to recover the affected data. After encrypting the victim's files, the Shifr Ransomware delivers a ransom note in the form of an HTML file named 'HOW_TO_DECRYPT_FILES,' demanding that the victim pay 0.1 Bitcoin (approximately $130 USD at the current exchange rate) to recover the files. Ransomware Trojans like the Shifr Ransomware use strong encryption algorithms such as RSA 2048 and AES 256 to make the victim's files inaccessible to anyone without the decryption key. Since 2015, there has been a marked rise in both the number of ransomware Trojan attacks and the sophistication of these threats.
You can't Access the Files Compromised by the Shifr Ransomware
The Shifr Ransomware carries out an effective attack on the victim's computer by blocking access to the victim's files until the ransom amount is paid. The Shifr Ransomware is being distributed through spam email messages aimed at computer users in Western Europe and the United States specifically. The Shifr Ransomware is not based on some of the commonly used open source ransomware projects like EDA2 or HiddenTear and seems to be a stand-alone project.
Once the Shifr Ransomware enters the victim's computer, it will begin encrypting the victim's files, targeting all files on the local drives, as well as on removable memory devices connected to the infected computer. The Shifr Ransomware will target numerous file types in its attack, including the files with the following extensions:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
The Shifr Ransomware marks the files encrypted in the attack with the file extension '.shifr,' making it simple to know which files have been affected by the attack. The files encrypted by the Shifr Ransomware will no longer be accessible and show up as blank, unrecognized icons in Windows Explorer. The Shifr Ransomware delivers its HTML ransom note to the victim's desktop, and the file may be opened with the default Web browser on the infected computer. The following is part of the text of the Shifr Ransomware's ransom note:
'Your files have been encrypted! To decrypt your files, send 0.1 Bitcoin to this address:
[RANDOM CHARACTERS]
After your payment is complete. You can decrypt files with decryption program. Download decryption program here.
Decryption key. Not paid yet.
FAQ:
Question: Where can I get Bitcoin wallet?
Answer: Simple and easy to use wallet.
Question: Where can I buy Bitcoins?
Answer: Guide to various methods of buying Bitcoin.'
Dealing with a Shifr Ransomware Infection
The files that have been encrypted by the Shifr Ransomware will no longer be accessible without the decryption key. Some computer users may consider paying for the decryption key to recover files that could be irreplaceable. However, PC security researchers strongly advise against this, since the people behind the attack may ignore the ransom payment or continue extorting the victims, and because paying the Shifr Ransomware ransom finances these activities, allowing these people to continue creating ransomware Trojans. Instead, PC security analysts recommend that computer users have file backups and a reliable security program to be fully protected from the Shifr Ransomware and similar attacks.
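The two indicators described above (the '.shifr' extension and the 'HOW_TO_DECRYPT_FILES' HTML note) are enough to scope which folders need restoring from backup. The following Python script is an added example, not code from EnigmaSoft or SpyHunter; it assumes the note ends in .html or .htm and that the marker may have been appended to the original file name, neither of which the page states, and it runs against a constructed tree of empty files.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".shifr"          # marker extension named on this page
NOTE_STEM = "how_to_decrypt_files"   # ransom note name named on this page
NOTE_SUFFIXES = {".html", ".htm"}    # assumption: page only says "HTML file"


def triage(root):
    """Walk root and summarise Shifr indicators for restore planning."""
    encrypted, notes = [], []
    original_types = Counter()
    # Unreadable directories are skipped rather than aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            p = Path(dirpath) / name
            suffix = p.suffix.lower()
            if suffix == ENCRYPTED_SUFFIX:
                encrypted.append(p)
                # Assumption: if the marker was appended (a.docx.shifr), the
                # previous suffix is the original type; otherwise unknown.
                prior = Path(p.stem).suffix.lower()
                original_types[prior or "<unknown>"] += 1
            elif p.stem.lower() == NOTE_STEM and suffix in NOTE_SUFFIXES:
                notes.append(p)
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "original_types": dict(original_types),
        "affected_dirs": sorted({p.parent for p in encrypted}),
    }


def build_sample_tree(base):
    """Constructed sample data: harmless empty files, not real samples."""
    base = Path(base)
    (base / "Desktop").mkdir()
    (base / "Documents" / "tax").mkdir(parents=True)
    for rel in ("Desktop/HOW_TO_DECRYPT_FILES.html",
                "Documents/report.docx.shifr",
                "Documents/tax/2016.xlsx.SHIFR",
                "Documents/tax/scan.shifr",
                "Documents/notes.txt"):
        (base / rel).touch()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample_tree(tmp))
        print(len(result["encrypted"]), "encrypted;", result["original_types"])
        for d in result["affected_dirs"]:
            print("restore from backup:", d)
```

Run it against a mounted copy or image of the affected drive rather than the live system, and use the per-directory list to drive the restore.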