Shutdown57 Ransomware
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 5
First Seen: August 7, 2017
Last Seen: September 10, 2021
OS(es) Affected: Windows
The Shutdown57 Ransomware is an encryption ransomware Trojan that seems to be targeting Web servers and websites rather than individual computer users. There is little to differentiate the Shutdown57 Ransomware from most encryption ransomware Trojans. Like most others, the Shutdown57 Ransomware is designed to make the victim's files inaccessible, essentially taking them hostage. The Shutdown57 Ransomware will then demand the payment of a ransom in exchange for the decryption key required to decipher the affected files.
How the Shutdown57 Ransomware Prevents PC Users from Accessing Their Files
The con artists distributing the Shutdown57 Ransomware tend to look for poorly protected computers, searching specifically for weak RDP Web interfaces and connections. Whenever a vulnerable network is found, the con artists will use brute force methods and exploit known vulnerabilities to gain access to the targeted PC. They will then install the Shutdown57 Ransomware (and other threats). Once the Shutdown57 Ransomware is installed, it will take the victim's data hostage, encrypting it with a strong encryption method. The Shutdown57 Ransomware will search for the following file types and encrypt them, after which a ransom is demanded from the victim:
.png, .psd, .pspimage, .tga, .thm, .tif, .tiff, .yuv, .ai, .eps, .ps, .svg, .indd, .pct, .pdf, .xlr, .xls, .xlsx, .accdb, .db, .dbf, .mdb, .pdb, .sql, .apk, .app, .bat, .cgi, .com, .exe, .gadget, .jar, .pif, .wsf, .dem, .gam, .nes, .rom, .sav, .dwg, .dxf, .gpx, .kml, .kmz, .asp, .aspx, .cer, .cfm, .csr, .css, .htm, .html, .js, .jsp, .php, .rss, .xhtml, .doc, .docx, .log, .msg, .odt, .pages, .rtf, .tex, .txt, .wpd, .wps, .csv, .dat, .ged, .key, .keychain, .pps, .ppt, .pptx, .ini, .prf, .hqx, .mim, .uue, .7z, .cbr, .deb, .gz, .pkg, .rar, .rpm, .sitx, .tar.gz, .zip, .zipx, .bin, .cue, .dmg, .iso, .mdf, .toast, .vcd, .sdf, .tar, .tax2014, .tax2015, .vcf, .xml, .aif, .iff, .m3u, .m4a, .mid, .mp3, .mpa, .wav, .wma, .3g2, .3gp, .asf, .avi, .flv, .m4v, .mov, .mp4, .mpg, .rm, .srt, .swf, .vob, .wmv, .3d, .3dm, .3ds, .max, .obj, .bmp, .dds, .gif, .jpg, .crx, .plugin, .fnt, .fon, .otf, .ttf, .cab, .cpl, .cur, .deskthemepack, .dll, .dmp, .drv, .icns, .ico, .lnk, .sys, .cfg.
The Shutdown57 Ransomware will also encrypt files in directories shared on a network, allowing it to corrupt data across a company's network. The files encrypted in the Shutdown57 Ransomware attack can be identified by the file extension '.shutdown57,' which is added to the affected file's name. The Shutdown57 Ransomware will also deliver a ransom note in the form of a PHP file named 'shutdown57.php' dropped on the infected computer. This file only contains two lines of text, which read as follows:
'Encrypter 8y v1ru5
greenvirus707@gmail.com'
The victims of the attack are required to contact the con artists at their Gmail address, where they'll be told to pay a ransom, which may be thousands of dollars, depending on the amount of data encrypted and its contents. It is unusual for con artists to use Gmail email addresses in these attacks since Google will often take them down for going against their Terms of Service. However, it is clear that the Shutdown57 Ransomware carries out an effective ransomware attack that can claim the victims' money and data.
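The file-name indicators described above (the appended '.shutdown57' extension and the 'shutdown57.php' note) are enough to scope the damage on a web root or share before restoring from backup. The following triage scanner is an added example, not code from the original page or from any vendor tool; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators as stated on this page.
ENCRYPTED_SUFFIX = ".shutdown57"
NOTE_NAME = "shutdown57.php"
NOTE_MARKER = b"Encrypter 8y v1ru5"

def scan_tree(root):
    """Return (Counter of encrypted files per directory, list of (note_path, marker_found))."""
    encrypted, notes = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(4096)  # the note is only two short lines
                except OSError:
                    head = b""  # unreadable: report the name match only
                notes.append((path, NOTE_MARKER in head))
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                encrypted[dirpath] += 1
    return encrypted, notes

def build_sample_tree(root):
    """Constructed sample data: a fake web root with renamed files and a note."""
    samples = {
        "site/index.php.shutdown57": b"\x00",
        "site/img/logo.png.shutdown57": b"\x00",
        "site/img/banner.jpg.shutdown57": b"\x00",
        "site/shutdown57.php": b"Encrypter 8y v1ru5\ngreenvirus707@gmail.com\n",
        "other/readme.txt": b"clean file\n",
        "other/shutdown57.php": b"<?php // same name, unrelated content\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        encrypted, notes = scan_tree(tmp)
        for directory, count in sorted(encrypted.items()):
            print(f"{count:4d} encrypted file(s) in {directory}")
        for path, confirmed in notes:
            print(("note confirmed: " if confirmed else "name match only: ") + path)
```

The per-directory counts show which sites or shares need restoring, and the marker check separates a real ransom note from an unrelated file that happens to share its name.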
Protecting Computers against Threats Like the Shutdown57 Ransomware
Computer users can protect their data from threats like the Shutdown57 Ransomware by installing a security solution that is fully up to date. It also is a good move to secure Remote Desktop Protocol connections and other potential vulnerabilities to prevent third parties from installing the Shutdown57 Ransomware. Finally, having an adequate file backup system on external servers or the cloud is essential to protect your data from threats like the Shutdown57 Ransomware. Having the capacity to recover the data compromised by the Shutdown57 Ransomware attacks from a backup means that there is never any need to pay the Shutdown57 Ransomware ransom or interact with the con artists in any way.