
ShinoLocker Ransomware

Posted: August 4, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 89
First Seen: August 4, 2016
Last Seen: November 2, 2022
OS(es) Affected: Windows


The ShinoLocker Ransomware is a file-encrypting Trojan whose purpose is providing demonstrative and educational value to anti-malware researchers. Although current versions of the ShinoLocker Ransomware offer free decryption solutions to any affected parties, con artists could modify this Trojan and create variants that are capable of conducting ransom-based campaigns. When not using this program for self-education, PC users should remove the ShinoLocker Ransomware, like any Trojan, with the usual anti-malware procedures and tools.

When Ransomware Doesn't Always Correspond with Ransoms

One of the ironies of the anti-malware industry is the necessity of distributing knowledge about software that, if abused, could lead to the creation of new threats. The Hidden Tear project is one of this year's most significant examples of such risks, but another project may soon be guilty of causing similar problems: the ShinoLocker Ransomware. Black Hat 2016, a Las Vegas-hosted conference for the PC security industry, was the unveiling platform of the ShinoLocker Ransomware, as an example of how file-encrypting Trojans function.

Unfortunately, the ShinoLocker Ransomware's developer, Shota Shinogi, may have made this software slightly too authentic to keep it from being a potential threat to PC owners in the future. Relatively easy modifications to the ShinoLocker Ransomware could turn it from a demonstration Trojan into a file encryptor that can launch real ransomware-style demands and lock victims out of recovering their data. Like Hidden Tear, making a variant of the ShinoLocker Ransomware is theoretically straightforward, giving so-called 'script kiddies' and other unskilled programmers new doorways into creating their own data-ransoming campaigns.

However, malware experts emphasize that, by default, the ShinoLocker Ransomware does not load ransom messages and does not protect its decryption function by methods such as transferring its key to a Command & Control server. Some of the parameters that the ShinoLocker Ransomware's UI supports changing include the types of extensions it targets (such as DOC or MP3 files), whether or not it deletes the Windows Shadow Copy data and what Registry key it uses.

Limiting Your Future File Locker Problems

The ShinoLocker Ransomware has the potential to be a boon to the PC security industry by allowing new researchers to practice their skills and create new solutions to threats already deployed in the wild. At the same time, it could also be a breeding ground for variants of threatening software, which malware analysts see routinely with Hidden Tear Trojans like the 8lock8 Ransomware and the GhostCrypt Ransomware. No currently threatening samples of the ShinoLocker Ransomware can be confirmed, and PC users should utilize standard anti-malware defenses against any possible variants of this Trojan.

Contact trustworthy PC security researchers for any additional help needed for decrypting data that the ShinoLocker Ransomware has attacked. Note that the ShinoLocker Ransomware does include options for erasing local backups, even in its default settings. This function makes your default Windows recovery features unlikely to be sources of data restoration. By contrast, any sufficiently protected backups kept on detachable drives (such as your USB thumb drive) shouldn't be at risk.

When unwanted, you should always uninstall the ShinoLocker Ransomware with appropriate anti-malware programs. Although one shouldn't overlook its research potential, 'practice' Trojans like the ShinoLocker Ransomware are always double-edged programs that are equally capable of helping or harming PC users at large.

Technical Details

Registry Modifications

The following Registry values are newly created:

HKEY..\..\..\..{RegistryKeys}Software\ShinoLocker