
Shifr Ransomware

Posted: April 25, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 5
First Seen: April 25, 2017
Last Seen: October 18, 2019
OS(es) Affected: Windows

The Shifr Ransomware is a Trojan that locks your files by encrypting them with a cipher such as AES-128. Having well-maintained backups can reduce the Shifr Ransomware's potential for causing any damage, especially since following any provided instructions may not give you a decryptor. Use qualified anti-malware products to guard against common installation exploits, such as e-mail spam, or to remove the Shifr Ransomware from an already compromised system.

The Trojans Shifting Your Files Just Barely out of Use

The people operating Trojan campaigns are maintaining strong preferences for collecting ransoms through methods not subject to being tracked or refunded. While old forms of ransom-based threats often preferred to use services like the now-defunct Ukash, the Shifr Ransomware embodies the modern trends of its black market industry by asking for cryptocurrency-based payments. The Shifr Ransomware forces these ransom transactions after locking the victim's local files, which has the potential to damage the affected content permanently.

Malware analysts only find English-based variants of the Shifr Ransomware, although this choice of language could be purely for compatibility with as many regions of the world as possible. The Trojan currently uses what is estimated to be an AES-based algorithm to encipher local content, such as videos or documents, on Windows machines. Victims may be able to detect this locked media by searching for '.shifr' extensions on the filenames.
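As an added example (not part of the original article or any vendor tool), the following Python script inventories files carrying the '.shifr' extension under a directory and reports the span of their modification times. It assumes the last-modified timestamps reflect when the Trojan rewrote each file, which can help pick a backup that predates the encryption; the function names are hypothetical.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

LOCKED_EXT = ".shifr"  # extension named in the article


def find_locked_files(root):
    """Yield (path, size, mtime) for each file under root ending in .shifr."""
    # onerror swallows unreadable directories so a triage run does not abort
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if not name.lower().endswith(LOCKED_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # file vanished or access denied
            yield path, st.st_size, st.st_mtime


def summarize(root):
    """Return counts, total size, mtime window and per-directory tallies."""
    hits = list(find_locked_files(root))
    times = [mtime for _path, _size, mtime in hits]
    return {
        "count": len(hits),
        "bytes": sum(size for _path, size, _mtime in hits),
        # Assumption: mtime approximates when the file was encrypted.
        "first_mtime": min(times) if times else None,
        "last_mtime": max(times) if times else None,
        "per_dir": dict(Counter(os.path.dirname(p) for p, _s, _m in hits)),
    }


if __name__ == "__main__":
    report = summarize(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{report['count']} locked files, {report['bytes']} bytes")
    for key in ("first_mtime", "last_mtime"):
        if report[key] is not None:
            stamp = datetime.fromtimestamp(report[key], tz=timezone.utc)
            print(f"{key}: {stamp.isoformat()}")
    # Directories with the most locked files first
    for folder, n in sorted(report["per_dir"].items(), key=lambda kv: -kv[1]):
        print(f"{n:6d}  {folder}")
```

Run it against a user profile or a mounted disk image; a backup taken before the reported first_mtime is the candidate for restoration.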

The Trojan also deposits a simple HTML-based ransom note onto the desktops of any compromised PCs. As of April 2017, the Trojan uses these messages to ask for 0.1 Bitcoins (which converts to 127 USD) before the threat actors agree to provide the download link for its decryption application. The absence of a decryption module embedded in the Shifr Ransomware is significant because it reduces the vulnerabilities that could help the anti-malware industry crack this threat's encryption routine and deliver free file-unlocking services. At the same time, the threat actors may just take their payment without giving you a legitimate download link.

Paying the Only Acceptable Price for Your Files

The Shifr Ransomware preys on vulnerable PC users who don't back up their media or take other steps to protect their locally-saved content from harm. As with any file-encrypting Trojan to date, keeping copies of your files on another, safe drive and blocking its installation in the first place are the most direct ways to weaken the Shifr Ransomware's payload. Malware analysts also recommend monitoring your RDP settings, rotating network passwords, watching your Web-browsing activities for potential attacks and analyzing all downloads with appropriate security software.

Bitcoin and similar cryptocurrencies are high in preference for profit-minded con artists due to the non-traceable, non-refundable nature of such transactions. Always be aware that paying the Shifr Ransomware's ransom has no built-in guarantee of you getting access to either a decryption key or a program that can decrypt your files for you. High-quality anti-malware programs may delete the Shifr Ransomware either during or after its installation attempt but can't unlock any of the encoded content.

As con artists continue experimenting with different ways of demanding the same payments, victims should keep informing themselves of all the risks of digital extortion. The Shifr Ransomware and other file-locking Trojans are only dangers to the poorly prepared and protected.
