Shrug: A new form of ransomware is distributed through drive-by attacks, but the malware contains bugs in its code. Below we will see how you can retrieve your locked files for free.
Shrug ransomware first appeared on July 6 and is embedded in fake software and game applications. Those who download such an application also acquire the malicious file that locks their files.
The ransom note reads:
I know what you think, What happened? The answer is very simple. Before I tell you, promise you that you will not go crazy.
Like other ransomware, the note also includes instructions on how to buy and transfer Bitcoin, as well as a threat that all files will be destroyed altogether in three days unless the ransom is paid. Encrypted files are given a .SHRUG extension.
Shrug uses a random set of keys for each user, but researchers at security company LMNTRIX found that the creators of the ransomware left the keys needed to unlock the files in a folder, allowing victims to retrieve their files without paying the ransom. The keys were found embedded in the registry, encrypted.
To recover files locked by the Shrug ransomware, you will first need to restart the infected machine to end the process that the ransomware uses to lock the mouse and the keyboard.
After that, you will need to open File Explorer to go to the installation path of Shrug ransomware:
C:\Users\USERNAME\AppData\Local\Temp\shrug.exe
Delete the shrug.exe file by pressing Shift and Delete together.
Then open the Run dialog by typing "Run" in the Windows search. Then type "regedit" to open the Registry Editor.
Navigate to the path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Find the entry labeled "Shrug" and delete it. Then empty the Recycle Bin and restart your machine, and the ransomware will disappear.
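The same cleanup steps as a PowerShell script, added here as an example and not taken from LMNTRIX or the original article. It records the file hash and the autostart command line before removing them and counts the remaining .SHRUG files. The evidence folder name and the report file are assumptions.

```powershell
# Added example: audits, then removes, the two Shrug artifacts named in the steps above.
# Run with -WhatIf first to see what would change without changing anything.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical evidence folder (an assumption, not from the article).
    [string]$EvidenceDir = (Join-Path $env:USERPROFILE 'shrug-evidence')
)

# Locations and names taken from the article.
$exePath   = Join-Path $env:LOCALAPPDATA 'Temp\shrug.exe'
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'Shrug'

# The evidence folder and report are always written, even under -WhatIf.
New-Item -ItemType Directory -Path $EvidenceDir -Force -WhatIf:$false | Out-Null
$report = [ordered]@{ Time = (Get-Date).ToString('o'); Computer = $env:COMPUTERNAME }

# 1. Dropped executable: record its hash for later reporting, then delete it.
if (Test-Path -LiteralPath $exePath) {
    $report.ExeSha256 = (Get-FileHash -LiteralPath $exePath -Algorithm SHA256).Hash
    if ($PSCmdlet.ShouldProcess($exePath, 'Delete file')) {
        # Remove-Item bypasses the Recycle Bin, like Shift+Delete.
        Remove-Item -LiteralPath $exePath -Force
    }
} else {
    $report.ExeSha256 = 'not present'
}

# 2. Autostart entry: save the command line it points to, then remove it.
$run = Get-ItemProperty -LiteralPath $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($run) {
    $report.RunCommand = $run.$valueName
    if ($PSCmdlet.ShouldProcess("$runKey\$valueName", 'Remove Run value')) {
        Remove-ItemProperty -LiteralPath $runKey -Name $valueName
    }
} else {
    $report.RunCommand = 'not present'
}

# 3. Count files under the user profile that still carry the .SHRUG extension.
$locked = Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Filter '*.SHRUG' -ErrorAction SilentlyContinue
$report.LockedFiles = @($locked).Count

$report | ConvertTo-Json | Set-Content -LiteralPath (Join-Path $EvidenceDir 'report.json') -WhatIf:$false
[pscustomobject]$report
```

Run it as the affected user, since both the Temp path and the HKEY_CURRENT_USER hive are per-user.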
Shrug shows that ransomware can be built by criminals who do not have the necessary skills to do it effectively.
The low value of the ransom may also suggest that the attackers were not so sure about their product, which may still be under development.
The malware reminds us once again that we need to download software only from trusted sources.