
ShutUpAndDance Ransomware

By GoldSparrow in Ransomware

The ShutUpAndDance Ransomware is an encryption ransomware Trojan that was first observed on July 24, 2018. It is a variant of HiddenTear, an open source ransomware platform that was first observed in August 2015. The ShutUpAndDance Ransomware carries out a typical encryption ransomware attack, taking the victim's files hostage and demanding a ransom payment. By taking steps to protect their data from threats like the ShutUpAndDance Ransomware, PC users can avoid countless problems and monetary loss.

Detailing the ShutUpAndDance Ransomware Attack

The ShutUpAndDance Ransomware uses AES-256 encryption to make the victim's files inaccessible. It encrypts the victim's files and adds the file extension '.ShutUpAndDance' to each file's name. The ShutUpAndDance Ransomware targets user-generated files while avoiding the Windows system files. Once the encryption is complete, the affected files are inaccessible, and the only recourse to recover the data is a decryption key, which the criminals hold in their possession. Threats like the ShutUpAndDance Ransomware target certain file types in their attacks, which include:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.

After encrypting the victim's files, the ShutUpAndDance Ransomware delivers a ransom note in the form of a text file named 'HOW TO DECRYPT FILES.txt', which is dropped on the infected computer's desktop. The note demands that the victim contact the criminals via email and asks for a ransom of several hundred USD to be paid using Bitcoin. The instructions in the ransom note should be ignored and, instead, preventive measures should be taken to ensure that data does not fall prey to attacks like the ShutUpAndDance Ransomware.

Protecting Your Data from Threats Like the ShutUpAndDance Ransomware

The best protection against threats like the ShutUpAndDance Ransomware is to have file backups stored on the cloud. If you have file backups on an external memory device or on the cloud, then the files compromised by the ShutUpAndDance Ransomware's encryption algorithm can be deleted and replaced with a backup copy. Apart from file backups, it is important to have a security program to protect your data. When dealing with threats like the ShutUpAndDance Ransomware, computer users should be aware of the most common ways in which they are distributed. The ShutUpAndDance Ransomware, like many other encryption ransomware Trojans, is often distributed through spam email attachments. Because of this, learning to recognize and deal with spam email tactics is an essential part of ensuring that your data is not compromised by threats like the ShutUpAndDance Ransomware. The ShutUpAndDance Ransomware, as well as other ransomware variants, can also be distributed using corrupted advertisements, fake online downloads, or by hacking into the victim's computer directly. Strong passwords and safe online browsing practices can help computer users keep their data safe.
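
The two on-disk indicators described above (the '.ShutUpAndDance' extension and the 'HOW TO DECRYPT FILES.txt' note) are enough to build the list of files to replace from backup. The following triage script is an added example, not part of the original article; it assumes the extension is appended to the full original file name, and the function names and sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

MARKER_EXT = ".shutupanddance"          # extension named on this page
NOTE_NAME = "how to decrypt files.txt"  # ransom note name from this page


def triage(root):
    """Walk root; return files to restore, note locations, and per-type counts."""
    restore, notes, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(rel)
            elif lower.endswith(MARKER_EXT) and len(name) > len(MARKER_EXT):
                # Assumption: the marker is appended to the original name,
                # so stripping it yields the path to pull from backup.
                original = rel[: -len(MARKER_EXT)]
                restore.append(original)
                ext = os.path.splitext(original)[1].lower() or "(none)"
                by_type[ext] += 1
    return sorted(restore), sorted(notes), by_type


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = [
        "Desktop/HOW TO DECRYPT FILES.txt",
        "Documents/report.docx.ShutUpAndDance",
        "Documents/budget.xlsx.ShutUpAndDance",
        "Documents/untouched.docx",
        "Pictures/trip/photo.jpg.SHUTUPANDDANCE",
    ]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        restore, notes, by_type = triage(tmp)
        print("ransom notes:", notes)
        print("restore from backup:", restore)
        print("affected types:", dict(by_type))
```

Pointing `triage()` at a user profile or file share gives the relative paths to pull from the backup set; the per-type counts show which kinds of data were hit.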
