'.shit File Extension' Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 8
First Seen: October 25, 2016
Last Seen: April 14, 2022
OS(es) Affected: Windows

A new version of the Locky Ransomware Trojan is currently being identified as the '.shit File Extension' Ransomware because of the file extension that it uses to mark the files affected during its attack. Locky is a well-known ransomware Trojan that has been responsible for numerous attacks since its first appearance, and PC security analysts have observed countless variants of it. The '.shit File Extension' Ransomware, like previous versions of this threat, is contained in a corrupted DLL file that is executed by Rundll32.exe on the affected computer. Once this corrupted file runs, the '.shit File Extension' Ransomware encrypts the victim's files and uses the '.shit' extension to identify the files that have been affected by the attack.

How the '.shit File Extension' Ransomware Attacks Your Computer

The '.shit File Extension' Ransomware is currently being distributed through corrupted spam email attachments. The corrupted email messages carrying the '.shit File Extension' Ransomware use the subject line 'Receipt ###-###,' implying that the attached file (usually with an HTA, JS or WSF extension) is a receipt of some sort. When the victim downloads the file attachment, the '.shit File Extension' Ransomware carries out its attack on the victim's computer. The '.shit File Extension' Ransomware can encrypt more than 380 different file types using AES encryption. The following file types are targeted during the '.shit File Extension' Ransomware attack:

.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt.

After encrypting the victim's files, the '.shit File Extension' Ransomware displays a ransom note with its payment instructions. These ransom notes use the following names:

_WHAT_is.html, _[2_digit_number]_WHAT_is.html, _WHAT_is.bmp.
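As an added example (not part of the original article or of any vendor tool), the following Python script triages a directory tree for the two file-system indicators named above: files carrying the '.shit' extension and ransom notes matching the listed names. The function names and the sample tree of empty files are constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Indicators taken from the article: the marker extension and the ransom note names.
ENCRYPTED_EXT = ".shit"
NOTE_RE = re.compile(r"^(?:_(?:\d{2}_)?WHAT_is\.html|_WHAT_is\.bmp)$", re.IGNORECASE)

def classify(filename):
    """Return 'note', 'encrypted' or None for a bare file name."""
    if NOTE_RE.match(filename):
        return "note"
    if filename.lower().endswith(ENCRYPTED_EXT):
        return "encrypted"
    return None

def triage(root):
    """Walk root and count indicator hits per directory."""
    hits = defaultdict(lambda: {"note": 0, "encrypted": 0})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            if kind:
                hits[dirpath][kind] += 1
    return dict(hits)

def likely_affected(hits):
    """Directories holding both a ransom note and at least one marked file."""
    return sorted(d for d, c in hits.items() if c["note"] and c["encrypted"])

def build_sample_tree(root):
    """Constructed sample data: empty files with made-up names."""
    layout = {
        "docs": ["A1B2C3D4.shit", "E5F6A7B8.shit", "_WHAT_is.html", "_07_WHAT_is.html"],
        "pics": ["holiday.jpg", "_WHAT_is.bmp"],
        "src": ["main.py", "WHAT_is.html.txt"],  # near-miss names must not match
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            open(os.path.join(root, sub, n), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits = triage(tmp)
        print({os.path.relpath(d, tmp): c for d, c in hits.items()})
        print("likely affected:", [os.path.relpath(d, tmp) for d in likely_affected(hits)])
```

A directory with a note but no marked files (such as `pics` in the sample) is reported in the counts but not flagged, which helps separate dropped notes from directories where files were actually encrypted.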

Dealing with the '.shit File Extension' Ransomware

Unfortunately, the '.shit File Extension' Ransomware is like other Locky variants in that there is no decryption utility. Victims of the '.shit File Extension' Ransomware attack will not be able to decrypt their files without access to the decryption key, which is held by the con artists responsible for the attack. PC security analysts strongly advise computer users against paying the '.shit File Extension' Ransomware's ransom. There is no reason to believe that the people responsible for the '.shit File Extension' Ransomware will keep their word and provide the decryption key. It is equally likely that they will ignore the victim's requests entirely or will ask for even more money.

The best way to deal with a '.shit File Extension' Ransomware attack is to restore all the affected files from a backup after either wiping the affected drive or completely removing the '.shit File Extension' Ransomware with a reliable security application. Because of this, having backups of all files is an essential step that all computer users should take to keep their computers secure.