ShellLocker Ransomware
Posted: November 18, 2016
Threat Metric
| Threat Level | 10/10 |
|---|---|
| Infected PCs | 9 |
| First Seen | November 18, 2016 |
| Last Seen | August 14, 2021 |
| OS(es) Affected | Windows |
The ShellLocker Ransomware is a Trojan that encrypts personal media, such as images, to force you into transferring the Bitcoin cryptocurrency to its administrator's account. Although no free decryption products exist yet for the ShellLocker Ransomware, keeping backups that aren't compromised by the infection can give you another way to recover any blocked content. Malware experts find many samples of this threat using misleading file names, and you should use your anti-malware products to detect and remove the ShellLocker Ransomware during any stage of its attack.
A Trojan Throwing a Net on Your Media
Software compatibility is important both for legitimate software developers and for con artists, who need to guarantee that their attacks can impact as many victims as possible. For example, the use of Microsoft's famous .NET framework allows coders to design programs compatible with most versions of Windows. Unfortunately, it's just as easily turned to the purpose of enabling threatening software, including the NoobCrypt Ransomware, the SNSLocker Ransomware and the ShellLocker Ransomware.
The last of those three is the youngest, bearing compilation and distribution dates of early to mid-November. System introduction methods for the ShellLocker Ransomware disguise its Trojan installer as a text document. In actuality, it's a batch file that uses CMD to install the ShellLocker Ransomware, after which the Trojan scans your PC for media, like documents, images or video formats.
Each piece of data that matches the ShellLocker Ransomware's format and directory 'hit list' is run through a simple encryption algorithm that encodes it with a cipher. After blocking you from your content, the ShellLocker Ransomware loads a Web pop-up relaying its instructions for paying Bitcoins to recover all the encoded data. As with many campaigns of file-encrypting Trojans seen this year, malware experts can also verify that this Trojan uses a timer to hasten the payment process by threatening to delete your files when it reaches zero.
Cracking Open the Trojan Shell that's Keeping What's Yours
Since the ShellLocker Ransomware uses the .NET platform, its compatibility with most Windows PCs is very high, although non-Windows computers should be unaffected. PC owners who have trouble identifying the files the Trojan is holding for ransom can search for the ShellLocker Ransomware's new extension, the '.L0cked' string. Non-local backups are the most often recommended recovery resource against file-encrypting Trojan attacks, and e-mail is the most common infection strategy, particularly for fake 'document' Trojans.
The ShellLocker Ransomware may try to block the desktop user interface or other applications. Whether or not you're able to launch appropriate anti-malware solutions, using Safe Mode or other secure system-booting techniques can give you a sterile environment for disinfecting your PC. Note that even after deleting the ShellLocker Ransomware with your choice of anti-malware tools, additional efforts are necessary for restoring your data by decryption or other means.
Some sources speculate that the ShellLocker Ransomware is another variant of the Exotic Squad Ransomware, although many of their components are in use by unrelated families of Trojans. Whatever the ShellLocker Ransomware's real origin story, its simple existence is another data point for threat authors continuing to take control of the contents of your hard drive for lucre.
Update December 17th, 2018 — PewDiePie Ransomware
The PewDiePie Ransomware appears to be a joke project that, unfortunately, can cause a lot of harm without providing its victims with a reliable way to recover their files. This file-locker is written in .NET, and the bad news is that it does not appear to store the encryption keys used to lock the files. This means that even its authors will not be able to assist with the recovery of the encrypted files and the only reliable way to get all the data back is to restore it from a backup.
Usually, ransomware authors request a ransom payment in exchange for decryption software, but the crooks behind the PewDiePie Ransomware are after something much simpler – a subscription to PewDiePie (the YouTube channel with the most subscribers). Of course, PewDiePie did not get his follower base from fraudulent schemes like this one, and the PewDiePie Ransomware is nothing more than an atrocious act perpetrated by some of his viewers. All the files locked by this threat will have the ‘.PewDiePie’ extension added to their names.
There is a chance that the PewDiePie Ransomware might have been created for fun and its authors are not planning to distribute it, but it would not be a surprise if they decide to take the PewDiePie vs. T-Series feud too far. Regardless of their plans, it is advised to take the necessary measures to minimize the PewDiePie Ransomware’s chances of causing permanent damage to your files. There are many tips that you can use to achieve this, but here are the mandatory actions that you should take:
- Never download files from suspicious Web destinations and stay away from unknown file attachments.
- Make sure to keep your computer protected by a trustworthy anti-virus program.
- Back up your important files to safe storage regularly – either offline or in the cloud.
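
The two recovery points made above (locked files can be found by the '.L0cked' or '.PewDiePie' extension, and a backup is the only reliable way to get them back) can be combined into a restore manifest. The script below is an added example, not part of the original article: it assumes the extension is appended to the complete original file name (for instance report.docx.L0cked), and the function names and sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Extensions named on this page; matched case-insensitively.
MARKERS = (".L0cked", ".PewDiePie")

def build_restore_manifest(affected_root, backup_root, markers=MARKERS):
    """Walk affected_root and pair each locked file with its backup copy.

    Returns a list of dicts: locked path, presumed original relative path,
    matching marker, and the backup path (None if no backup copy exists).
    Assumption: the marker is appended to the complete original file name.
    """
    lowered = tuple(m.lower() for m in markers)
    manifest = []
    for dirpath, _dirs, files in os.walk(affected_root):
        for name in sorted(files):
            hit = next((m for m in lowered if name.lower().endswith(m)), None)
            if hit is None or len(name) == len(hit):
                continue  # not locked, or nothing left once the marker is stripped
            original = name[:-len(hit)]
            rel = os.path.relpath(os.path.join(dirpath, original), affected_root)
            candidate = os.path.join(backup_root, rel)
            manifest.append({
                "locked": os.path.join(dirpath, name),
                "original": rel,
                "marker": hit,
                "backup": candidate if os.path.isfile(candidate) else None,
            })
    return manifest

def summarize(manifest):
    """Count entries that have a backup copy versus those that do not."""
    found = sum(1 for e in manifest if e["backup"])
    return {"locked": len(manifest), "in_backup": found, "missing": len(manifest) - found}

def demo():
    """Constructed sample tree: two locked files, one clean file, a partial backup."""
    with tempfile.TemporaryDirectory() as tmp:
        live, bak = os.path.join(tmp, "live"), os.path.join(tmp, "backup")
        for path in ("live/docs/report.docx.L0cked", "live/pics/cat.jpg.pewdiepie",
                     "live/docs/notes.txt", "backup/docs/report.docx"):
            full = os.path.join(tmp, *path.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return summarize(build_restore_manifest(live, bak))

if __name__ == "__main__":
    print(demo())
```

Entries whose backup field is empty are the files that cannot be restored from that backup set, which is the list to review before the infected disk is wiped.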