
Sherminator Ransomware

Posted: September 20, 2019

The Sherminator Ransomware is a variant of the Mr.Dec Ransomware, a file-locking Trojan without a known family. Its symptoms include blocking the user's media through encryption, adding new information (such as ID strings) to the filenames, and creating advanced HTML ransom notes. Users should ignore the ransom demands and employ competent anti-malware services for uninstalling the Sherminator Ransomware safely.

December Returns Ahead of Schedule

Even though Ransomware-as-a-Service families and Hidden Tear variants make up the majority of the underground ransomware 'market,' independent works also thrive. A semi-rare case of a lone-wolf Trojan from 2018 is reappearing a year later, with a different name and contacts. Although the Sherminator Ransomware's basis is ancient code, its encryption and file-locking routine is as strong as ever.

The Sherminator Ransomware is a new, slightly edited version of the Mr.Dec Ransomware, which displays symptoms not very different from those of the Globe Ransomware and the Crysis Ransomware families. After locking files by converting them into encrypted versions, the Sherminator Ransomware and Mr.Dec Ransomware change the filenames by adding ID strings. The Sherminator Ransomware, unlike most families and its ancestor, uses two separate blocks of brackets with 'ID' strings for enclosing the ID serial, as opposed to a single set.

The Sherminator Ransomware also has a colorful pop-up message that serves as its ransom note. The instructions press the victim to respond quickly without giving any particular deadline and include two free e-mail addresses for contacting the criminal. Readers familiar with the Sherminator Ransomware's old version, however, might remember that its threat actor has a history of providing a fake decryption tool after getting the ransom, which doesn't unlock or decrypt the files.

Getting Around a 'Terrible Virus' Crisis

The Sherminator Ransomware's English-language extortion note colloquially identifies the Trojan as a virus, although it doesn't fit the technical definition of one. It doesn't inject its code into other files for propagation purposes, so victims aren't in danger of having additional files compromised in that way. However, free tools cannot reverse its file-locking.

Since most file-locker Trojans share the above issue, users should always take precautions for keeping their content safe from encryption attacks. Backups saved to NAS or vulnerable network-shared devices can be at risk of locking or deletion, and, in most cases, Windows' default Shadow Volume Copies are erased as a matter of course. Anti-malware services can only remove the Sherminator Ransomware after the fact or stop infections, not recover any blocked media.

While malware analysts haven't analyzed the paths through which the Sherminator Ransomware is compromising users, the odds are that the victims share some of the blame. Clicking on an attachment or obscured link, downloading a torrent, or enabling a macro are just some of the ways that a for-profit threat like the Sherminator Ransomware can start making its money at the expense of your files.
