
Shuriken Ransomware

In the course of analyzing cybersecurity threats, experts have identified a ransomware variant named Shuriken. This specific form of ransomware employs various tactics, such as encrypting files, modifying filenames, and generating a ransom note titled 'READ-ME-SHURKEWIN.txt.' Shuriken also displays a second ransom note to victims before they log into the Windows operating system.

Shuriken incorporates the email address 'decryption@msgsafe.io' and the victim's ID at the beginning of filenames. It also appends the '.Shuriken' extension to further obfuscate the files. To illustrate, a file originally named '1.jpg' would be transformed into '[decryption@msgsafe.io][9ECFA74E]1.jpg.Shuriken,' while '2.png' would become '[decryption@msgsafe.io][9ECFA74E]2.png.Shuriken,' and so on.
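The renaming scheme above can be turned into a triage check for incident response. The following is an added example, not part of the original article: it parses a file listing, recovers original names and victim IDs, and locates ransom notes. The function names, the sample listing, and the assumption that the victim ID is hexadecimal (inferred from the single example above) are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PurePath

# Pattern from the article: [contact-email][victim-ID]original-name.Shuriken
# Assumption: the victim ID is hexadecimal, as in the article's one example.
RENAMED = re.compile(
    r"^\[(?P<email>[^\[\]@]+@[^\[\]]+)\]\[(?P<vid>[0-9A-Fa-f]+)\](?P<orig>.+)\.Shuriken$"
)
NOTE_NAME = "READ-ME-SHURKEWIN.txt"  # ransom note filename given in the article


def parse_renamed(filename):
    """Return (email, victim_id, original_name), or None if the name does not match."""
    m = RENAMED.match(filename)
    return (m["email"], m["vid"].upper(), m["orig"]) if m else None


def triage(paths):
    """Summarise a listing: renamed files per directory, victim IDs, note locations."""
    report = {"affected": defaultdict(list), "victim_ids": set(),
              "notes": [], "unmatched": []}
    for raw in paths:
        p = PurePath(raw)
        if p.name.lower() == NOTE_NAME.lower():
            report["notes"].append(p.as_posix())
            continue
        hit = parse_renamed(p.name)
        if hit is None:
            report["unmatched"].append(p.as_posix())
            continue
        _, vid, orig = hit
        report["victim_ids"].add(vid)
        report["affected"][p.parent.as_posix()].append(orig)
    return report


# Constructed sample listing (not from a real incident).
SAMPLE = [
    "share/photos/[decryption@msgsafe.io][9ECFA74E]1.jpg.Shuriken",
    "share/photos/[decryption@msgsafe.io][9ECFA74E]2.png.Shuriken",
    "share/photos/READ-ME-SHURKEWIN.txt",
    "share/docs/report.docx",
    "share/docs/notes.Shuriken",  # extension only, no prefix: left unmatched
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    for d, names in r["affected"].items():
        print(f"{d}: {len(names)} renamed file(s): {names}")
    print("victim IDs:", sorted(r["victim_ids"]), "| notes:", r["notes"])
```

Feeding it a recursive listing of a file share shows which directories were reached and whether more than one victim ID is present, which helps scope restoration from backups.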

The Shuriken Ransomware Takes Victims' Data Hostage

The Shuriken Ransomware issues two ransom notes directing victims to contact the provided email address, decryption@msgsafe.io, for decryption assistance. In the event of no response within 24 hours, an alternative contact email, decryptor@waifu.club, is provided. Additionally, the option of reaching out via Telegram to @ShurikenAdmin is suggested for a faster decryption process.

The text file containing the ransom note underscores the decryption guarantee, allowing victims to submit up to 2 test files for free decryption. Specific instructions regarding file size, content, and compression methods are provided for this process.

Victims are strongly advised not to pay a ransom to threat actors, as there is no guarantee of receiving a decryption tool in return. Unfortunately, decrypting files without the involvement of the cybercriminals is rarely feasible unless the ransomware has inherent vulnerabilities or flaws, or victims possess recent and unaffected data backups.

The prompt removal of ransomware from the operating system is of utmost importance. As long as a computer remains infected, ransomware has the potential to carry out additional encryptions and may even spread across a local network, exacerbating the impact of the attack.

Establish a Comprehensive Security Approach against Malware Infections

Establishing a comprehensive security approach against malware infections involves a multi-faceted strategy that encompasses various preventive, protective, and responsive measures. Here's a breakdown of key steps users can take to bolster their defenses:

  • Install Reliable Anti-malware Software: Choose reputable anti-malware software from trusted vendors. Ensure that your software is updated regularly to detect and mitigate new threats.
  • Keep Operating Systems and Software Updated: Regularly update operating systems, applications, and software to patch vulnerabilities that malware may exploit. Enable automatic updates whenever possible to ensure timely protection.
  • Use a Firewall: Activate and configure firewalls on both network routers and individual devices. Firewalls function as a barrier between the Internet and your devices, blocking unauthorized access and potential malware.
  • Implement Email Security Measures: Be extra cautious with email attachments and links; avoid opening attachments or clicking on links from unknown or suspicious sources. Use email filtering tools to detect and quarantine potentially fraudulent emails.
  • Backup Important Data: Regularly back up critical data to an external device or secure cloud service. Ensure backups are not directly accessible from the network to prevent malware from compromising them.

By integrating these measures into a holistic security strategy, users can significantly enhance their defenses against malware infections and reduce the potential impact of cyber threats. Regularly updating and adapting these measures is crucial in the ever-evolving landscape of cybersecurity.

The text of the ransom note left to victims is:

'Your data are encrypted …

All your files have been encrypted by Shuriken !!!

To decrypt them send e-mail to this address : decryption@msgsafe.io

If you do not receive a response within 24 hours, send an email to this address: decryptor@waifu.club

Need a quick decryption ? Send a telegram message @ShurikenAdmin

Your DECRYPTION ID :

Enter the ID of your files in the subject!

What is our decryption guarantee?

Before paying you can send us up to 2 test files for free decryption !

The total size of files must be less than 2Mb.(non archived) !

Files should not contain valuable information.(databases,backups) !

Compress the file with zip or 7zip or rar compression programs and send it to us!'

The message Shuriken Ransomware shows during login of the compromised machines is:

'Encrypted by Shuriken

All your files have been encrypted due to a security problem with your computer
If you want to restore them, write us to the e-mail: decryption@msgsafe.io
Write this ID in the title of your message: -
In case of no answer in 24 hours write us to this e-mail: decryptor@waifu.club'
