
Shrug Ransomware

By GoldSparrow in Ransomware

The Shrug Ransomware is an encryption ransomware Trojan observed on July 6, 2018. Like most encryption ransomware Trojans currently active, the Shrug Ransomware encrypts the victim's files, effectively taking them hostage, and then demands a ransom payment, supposedly in exchange for a decryption key.

The Shrug that may Cost You Your More Precious Files

The Shrug Ransomware uses AES and RSA encryption to make the victim's files unreadable and demands a ransom payment of 50 USD in exchange for the decryption key needed to restore the affected files. The Shrug Ransomware targets user-generated files. The Shrug Ransomware and similar threats favor certain file types for encryption, which include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

After encrypting the victim's files and eliminating alternate recovery methods (such as the Windows Shadow Volume Copies or the System Restore points), the Shrug Ransomware delivers its ransom note to the victim's computer in the form of a lock screen. The lock screen explains the attack, demands a ransom payment from the victim, and displays the following text:

'I know what you're thinking. "What happened?" Well, the answer is quite simple. Before I tell you, promise me you will not get mad. Okay. Your PC was victim of a Ransomware attack. That means every important file is now encrypted and you can't access them. Oh, and there is this screen locker too. You don't have access to your PC anymore.
What a shame, huh? There is only one way to get your stuff back. $50. It isn't that much, cmon! I'll give you instructions on how to pay. Alright. To successfully pay the ransom and unlock all your sh*t, you will need Bitcoins. But wait, it is only 50 USD in Bitcoins, no worries.
Nothing to worry about. You can buy it in the internet. Oh, and don't even Google "how to remove a ransomware" because it will not help. When buying Bitcoins, you will need a wallet. You can create one at a website called Blockchain.
Now find a way to buy 50 USD in BTC. Google is your friend.
Then you must send the Bitcoins to the wallet specified in the right of the screen.
After that, write your wallet inside that text box and finally click the button "I paid!".
Wait some time until I confirm your payment and fix your files.
- Martha'

Dealing with the Shrug Ransomware

Although the Shrug Ransomware lock screen can be terminated, the files encrypted by the Shrug Ransomware will remain inaccessible. Unlike with most ransomware Trojans, however, it seems that PC security researchers have released a decryption utility that can help computer users restore files compromised in a Shrug Ransomware attack. This is not common. In most cases, victims will find that there is no way to restore files encrypted by an attack like the Shrug Ransomware. This is why computer users should keep backups of all of their data, stored either on the cloud or on an external device, out of reach of threats like the Shrug Ransomware.
