
Shadi Ransomware

Posted: February 21, 2019

The Shadi Ransomware is a file-locking Trojan that locks movies, pictures, documents, and other digital media by encrypting the files individually. The 'shadi' extensions that it adds to these files are notable symptoms, along with the Notepad ransoming message, which includes unusual references to the system's IP address. Ignore the ransom demands, remove the Shadi Ransomware with the anti-malware product you prefer, and recover any files from your last backup, if one is available.

Ransom Demands Casting New Shade

A new file-locking Trojan is attacking Windows users in Vietnam, although its payload is less culturally discriminate than its distribution. Assuming that the ransom notes malware experts are seeing are up-to-date, the Shadi Ransomware's campaign has failed to collect any ransoms. However, even if it doesn't get paid for it, it can permanently keep the files on your computer from opening.

The Windows-based Shadi Ransomware runs off of attacks not too different from those of the Hidden Tear Project or the Dharma Ransomware, to name two of countless competing examples. It can encrypt text documents, movies, archives, images, audio, and generic database information with an unknown and possibly unbreakable cipher. It adds '.shadi' extensions to their names without deleting the first extension. While the latter symptom is, generically, part of most file-locker Trojans, malware analysts know of no other Trojans that employ the 'shadi' string.

The Shadi Ransomware uses a generic, English ransoming message that has a few details worth noting. Firstly, malware researchers find no payments in its associated wallet address, even though the threat actors are demanding an upfront payment worth 300 USD. Secondly, the Shadi Ransomware doesn't generate a custom ID for the transaction. Oddly, it uses the local IP address instead, writing it into a new text file on the C drive (presumably, in case the user isn't aware of how to retrieve that information by themselves). That a changing address could interfere with tracking decryption purchases doesn't seem to concern the threat actors.
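The two symptoms described above, the preserved original extension under '.shadi' and the ransom note that quotes the host's IP address, are enough for a quick incident triage. The following script is an added example, not code from the page's source or from the Trojan; the file listing and note text are constructed sample data, and the '.shadi' suffix and IPv4 pattern are the only indicators it keys on.

```python
"""Host triage for the Shadi Ransomware symptoms above (constructed example)."""
import os
import re
from pathlib import PureWindowsPath  # accepts both '\' and '/' separators

# The Trojan appends '.shadi' after the original extension, so a locked file
# looks like 'budget.xlsx.shadi' and the old extension stays visible.
LOCK_EXT = ".shadi"
# The ransom note quotes the host's local IPv4 address instead of a victim ID.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def original_name(path):
    """Pre-encryption filename, or None if the file is not a Shadi victim."""
    name = PureWindowsPath(path).name
    if len(name) > len(LOCK_EXT) and name.lower().endswith(LOCK_EXT):
        return name[:-len(LOCK_EXT)]
    return None

def triage(paths):
    """Group locked files by the original extension that is still visible."""
    by_ext = {}
    for p in paths:
        orig = original_name(p)
        if orig is not None:
            ext = PureWindowsPath(orig).suffix.lower() or "(no extension)"
            by_ext.setdefault(ext, []).append(str(p))
    return by_ext

def note_ip_addresses(text):
    """IPv4 strings found in a suspected ransom note (the page's tell-tale)."""
    return IPV4_RE.findall(text)

def scan_directory(root):
    """Walk a real directory tree and triage every file it contains."""
    return triage(os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs)

# Constructed sample listing and note text, standing in for a live scan.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\budget.xlsx.shadi",
    r"C:\Users\alice\Pictures\holiday.jpg.shadi",
    r"C:\Users\alice\Pictures\holiday2.JPG.shadi",
    r"C:\Users\alice\Videos\clip.mp4",  # untouched file
    r"C:\Users\alice\Desktop\.shadi",   # bare suffix, not a victim
]
SAMPLE_NOTE = "Your files are encrypted. Your ID: 192.168.1.23. Send 300 USD."

if __name__ == "__main__":
    for ext, files in sorted(triage(SAMPLE_PATHS).items()):
        print(f"{ext}: {len(files)} locked file(s)")
    print("note references:", note_ip_addresses(SAMPLE_NOTE))
```

Running `scan_directory` against a user profile gives a per-extension inventory of what needs restoring from backup, which is more useful than a raw file count when deciding what was lost.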

Stopping the Three Hundred-Dollar Problem

The Shadi Ransomware is more open about its attacks than many Trojans in the Ransomware-as-a-Service industry or elsewhere, which can withhold the price of the decryptor until afterward. However, its honesty about the cost doesn't make its decryption help any more likely, and malware experts still caution against paying rashly. Nearly all PC users, in Vietnam or otherwise, can benefit from having backups that allow restoring their files after attacks like those of the Shadi Ransomware.

The Shadi Ransomware's attachments may circulate over e-mail, instant messages or social media posts. Other attacks that malware experts typically relate to file-locker Trojans include brute-force compromises of server logins and, in lower numbers, exploit kits that abuse browser vulnerabilities and shared torrents. Scanning new files once you download them, disabling risky features like JavaScript, and avoiding easily broken passwords are applicable defenses, while most anti-malware software should delete the Shadi Ransomware.

The payload of this Trojan doesn't seem to confine any of its symptoms or attacks to Vietnamese PCs, specifically. Windows users have one more problem regarding file security, but, fortunately, it's just as easy to cure as the old ones, assuming that you have a backup.
