Shrug: A new form of ransomware is being distributed through drive-by attacks, but the malware contains coding errors. Below we will see how you can recover your locked files for free.
Shrug ransomware first appeared on July 6 and is embedded in fake software and game applications. Those who download such an application also acquire the malicious file that locks their files.
The ransom note reads:
“I know what you're thinking, What happened? The answer is very simple. Before I tell you, promise you won't go crazy.. Ok o computer You are the victim of a Ransomware attack”, the message says, and at the end it asks for $50 in Bitcoin to decrypt the files.
Like other ransomware, the note also has instructions on how to purchase and transfer Bitcoin, as well as a threat that all files will be completely destroyed in three days if the ransom is not paid. Encrypted files are locked with a .SHRUG extension.
Shrug uses a random set of keys for each user, but researchers at security company LMNTRIX found that the creators of the ransomware left the keys needed to unlock the files in a folder, allowing victims to retrieve their files without paying the ransom. The keys were found embedded in the registry, encrypted.
To decipher your files infected by the Shrug ransomware, you will need to restart the infected machine to end the process that the ransomware uses to lock the mouse and the keyboard.
After that, you will need to open File Explorer to go to the installation path of Shrug ransomware:
C:\Users\USERNAME\AppData\Local\Temp\shrug.exe
Delete the shrug.exe file by pressing Shift and Delete together.
Then open the Run dialog by typing "RUN" in the Windows search, and type "Regedit" to open the registry.
Navigate to the path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Find the key labeled "Shrug" and delete it. Then empty the Recycle Bin and restart your machine, and the ransomware will disappear.
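The removal steps above can also be scripted. The following PowerShell function is an added example, not code from LMNTRIX or the original article. It assumes the autostart entry is a registry value named "Shrug" under the Run key and that it is run in the affected user's session; the function name is hypothetical.

```powershell
# Added example: audit and remove the two Shrug artifacts named in the article.
# Assumption: the "Shrug" autostart entry is a value under the per-user Run key.
function Remove-ShrugArtifacts {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Defaults mirror the path and registry location given in the article.
        [string]$ExePath = (Join-Path $env:LOCALAPPDATA 'Temp\shrug.exe'),
        [string]$RunKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        [string]$RunName = 'Shrug'
    )
    $report = [ordered]@{
        ExePath = $ExePath; Sha256 = $null; FileRemoved = $false
        RunCommand = $null; RunEntryRemoved = $false
    }

    if (Test-Path -LiteralPath $ExePath -PathType Leaf) {
        # Record the hash for the incident notes before the sample is deleted.
        $report.Sha256 = (Get-FileHash -LiteralPath $ExePath -Algorithm SHA256).Hash
        # Stop any process still running from that exact path so the delete succeeds.
        Get-Process | Where-Object { $_.Path -eq $ExePath } | ForEach-Object {
            if ($PSCmdlet.ShouldProcess("PID $($_.Id)", 'Stop process')) {
                Stop-Process -Id $_.Id -Force
            }
        }
        if ($PSCmdlet.ShouldProcess($ExePath, 'Delete file')) {
            Remove-Item -LiteralPath $ExePath -Force   # permanent, like Shift+Delete
            $report.FileRemoved = -not (Test-Path -LiteralPath $ExePath)
        }
    }

    # Read the autostart entry first so the command it launched is kept in the report.
    $run = Get-ItemProperty -Path $RunKey -Name $RunName -ErrorAction SilentlyContinue
    if ($run) {
        $report.RunCommand = $run.$RunName
        if ($PSCmdlet.ShouldProcess("$RunKey -> $RunName", 'Remove autostart entry')) {
            Remove-ItemProperty -Path $RunKey -Name $RunName
            $report.RunEntryRemoved = $true
        }
    }
    [pscustomobject]$report
}

Remove-ShrugArtifacts -WhatIf   # dry run: shows what would change; drop -WhatIf to apply
```

The returned object lists the file hash and the command the Run entry pointed to, which is worth saving before restarting the machine.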
Shrug shows that ransomware can be built by criminals who do not have the necessary skills to do it effectively.
The low value of the ransom may also suggest that the attackers were not so sure about their product, which may still be under development.
The malware reminds us once again that we need to download software only from trusted sources.