
ShinoLocker Ransomware

By CagedTech in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 38
First Seen: August 4, 2016
Last Seen: November 2, 2022
OS(es) Affected: Windows

The ShinoLocker Ransomware is a ransomware Trojan released for 'educational purposes.' It was presented at the Black Hat 2016 conference as a way to help PC security analysts understand ransomware threats. The ShinoLocker Ransomware is named after its creator, Shota Shinogi. According to him, the ShinoLocker Ransomware mimics how ransomware Trojans attack, and computer researchers can use it to retrieve a decryption key from its memory.

The Problem with 'Educational' Ransomware Like the ShinoLocker Ransomware

One of the main problems with 'educational' ransomware like the ShinoLocker Ransomware is that con artists may easily adapt these threats for use in their own attacks. This has happened numerous times before, such as in the case of EDA2 and Hidden Tear, both of which were published online and made available to PC security analysts. Unfortunately, con artists started using these to carry out online attacks.

The ShinoLocker Ransomware is billed as a ransomware simulator. It is not designed to extract a ransom in exchange for a decryption key. Supposedly, the ShinoLocker Ransomware is used so that PC security researchers can test their own capabilities and study how these attacks work. The ShinoLocker Ransomware is not particularly complicated. Anyone can go to a website linked to the ShinoLocker Ransomware and create their own ransomware executable file by entering the configuration settings into the website. These configuration options allow the ShinoLocker Ransomware to encrypt files of certain types, delete Shadow Volume Copies of encrypted files, and carry out other tasks similar to other ransomware threats.

When using default settings, there is an easy way to decrypt these files, and there is no need for ransom. However, it would be trivial for con artists to take the ShinoLocker Ransomware, which is already freely available, change its default settings, and turn it into a real ransomware attack. In fact, it would be easy to adapt the ShinoLocker Ransomware so that it would display a ransom note and connect to a specific Command and Control server. In the end, the intentions behind the ShinoLocker Ransomware are good, since its purpose is to help PC security researchers improve their capabilities. Unfortunately, the ShinoLocker Ransomware may be abused by con artists to continue carrying out attacks. Hopefully, what happened in previous instances of 'educational' ransomware threats will not happen with the ShinoLocker Ransomware.

How the ShinoLocker Ransomware Works

Although the objective of the ShinoLocker Ransomware is to educate, computer users need to understand how real ransomware Trojans work. These threats carry out the same attack, with the intent of extorting money from the victim after encrypting files on the victim's computer. The actions that may be associated with encryption ransomware Trojans include:

  • Encryption ransomware Trojans may be delivered using corrupted email attachments. In the case of the ShinoLocker Ransomware, this threat is available for download.
  • Once these threats enter a computer, they will scan the victim's files, searching for files of a specific file type, and then encrypt these files using their encryption algorithm.
  • The decryption data is stored on the threat's Command and Control server, and out of reach of the victims or their security software. Files encrypted this way may become useless and impossible to decrypt without access to the decryption key.
  • The con artists responsible for these threats may display a ransom note, threatening the victim by refusing to release the decryption key unless a large ransom is paid. Ransomware ransoms are typically paid using Bitcoin or other anonymous payment methods. Their ransom notes may include a contact email or a Dark Web link.

When one sees the patterns used by real threats, it is easy to see how the ShinoLocker Ransomware could be adapted to carry out real attacks. In theory, con artists would simply have to change their Command and Control server settings to ensure that the decryption key is not released until a ransom is paid.

Registry Details

The ShinoLocker Ransomware may create the following registry entry or registry entries:

Software\ShinoLocker
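
A triage check for the registry entry listed above, as an added example that is not part of the original page. The page gives only the relative path, so searching HKLM and every loaded user hive under HKEY_USERS is an assumption, and the function name Find-ShinoLockerKey is hypothetical.

```powershell
# Added example: look for the Software\ShinoLocker key named on this page.
# Assumption: the page does not say which hive holds the key, so this checks
# HKLM and every loaded per-user hive (HKCU is HKEY_USERS\<current user SID>).
$relative = 'Software\ShinoLocker'

function Find-ShinoLockerKey {
    $roots = @('Registry::HKEY_LOCAL_MACHINE\')

    # Loaded user hives appear as HKEY_USERS\<SID>; skip the *_Classes hives.
    $roots += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { "Registry::$($_.Name)\" }

    # Check the native path and, where one exists, the 32-bit view.
    $candidates = @(
        $relative,
        ($relative -replace '^Software', 'Software\WOW6432Node')
    )

    foreach ($root in $roots) {
        foreach ($sub in $candidates) {
            $path = "$root$sub"
            if (Test-Path -LiteralPath $path) {
                $key = Get-Item -LiteralPath $path
                # Report what is stored under the key so an analyst can review it.
                [pscustomobject]@{
                    Path       = $key.Name
                    ValueNames = ($key.GetValueNames() -join ', ')
                    SubKeys    = $key.SubKeyCount
                }
            }
        }
    }
}

$hits = @(Find-ShinoLockerKey)
if ($hits.Count -gt 0) {
    $hits | Format-List
} else {
    'No Software\ShinoLocker key found in the loaded hives.'
}
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so a clean result covers only the accounts active when the script runs.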
