Shrug2 Ransomware

Posted: July 19, 2018

Shrug2 Ransomware Description

The Shrug2 Ransomware is a file-locking Trojan built on Hidden Tear, an open-source Trojan that uses encryption to lock your digital media. This version of HT also includes a pop-up that delivers its ransom instructions for the unlocking feature, which malware experts discourage paying for. Free decryption utilities or backups can usually recover the content that this threat blocks, and most anti-malware products can delete the Shrug2 Ransomware easily.

The Train that Shrugs While Running Over Your Files

The newest Hidden Tear variant available for analysis by malware experts shows some unusual choices in its theme, although the technical aspects of its attacks remain, for the most part, unchanged. The Shrug2 Ransomware gains access to new Windows machines by posing as a harmless document, after which it locks files and holds them hostage for ransom. Unlike the majority of Hidden Tear variants, however, the Shrug2 Ransomware also drops components that imitate the payload of the '.wcry File Extension' Ransomware, or the WannaCryptor Ransomware family.

The Shrug2 Ransomware uses the same style of AES encryption as other versions of its open-source family, such as the Boris HT Ransomware and the XeroWare Ransomware, or the older First Ransomware and the HappyLocker Ransomware. Each file that it locks with this data-encrypting attack, including documents, pictures, archives, and music, also receives the '.SHRUG2' extension that the Trojan appends to the end of its name. Then, the Shrug2 Ransomware launches the portion of its payload that it uses for extracting money from its victims: the pop-up.
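The renaming behavior described above is the fastest way to scope an infection after the fact. The script below is an added triage example, not part of this write-up and not the Trojan's own code: it inventories every file under a directory tree that carries the '.SHRUG2' extension, recovers each file's original name and extension, and, for formats with a known header, checks whether the file's contents were actually replaced with ciphertext or merely renamed (a failure mode worth ruling out before reaching for a decryptor). The '.SHRUG2' extension comes from this description; the sample directory tree, the magic-byte table and the helper names are constructed for the example.

```python
import tempfile
from collections import Counter
from pathlib import Path

# Extension the Shrug2 Ransomware appends to each file it locks (from the write-up).
LOCKED_EXT = ".SHRUG2"

# File headers for a few common original formats. Assumption for this example:
# only formats listed here can be checked; anything else reports "unknown" (None).
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04",  # OOXML documents are ZIP containers
    ".xlsx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
}


def find_locked_files(root, ext=LOCKED_EXT):
    """Every regular file under root whose name ends in ext (case-insensitive, like NTFS)."""
    root = Path(root)
    return sorted(p for p in root.rglob("*")
                  if p.is_file() and p.name.lower().endswith(ext.lower()))


def original_name(path):
    """'report.docx.SHRUG2' -> 'report.docx': the name before the Trojan renamed it."""
    return Path(path).name[: -len(LOCKED_EXT)]


def original_extension(path):
    """'.docx' for 'report.docx.SHRUG2'; '' when the original had no extension."""
    return Path(original_name(path)).suffix.lower()


def looks_unencrypted(path):
    """True if the original format's header is still intact (file was only renamed),
    False if it is gone (contents replaced), None if the format is not in MAGIC."""
    ext = original_extension(path)
    if ext not in MAGIC:
        return None
    magic = MAGIC[ext]
    with open(path, "rb") as fh:
        head = fh.read(len(magic))
    return head == magic


def summarize(paths):
    """Scope of the attack: counts by original type, affected directories, time window."""
    paths = [Path(p) for p in paths]
    mtimes = [p.stat().st_mtime for p in paths]
    return {
        "count": len(paths),
        "by_original_ext": dict(Counter(original_extension(p) for p in paths)),
        "renamed_only": [str(p) for p in paths if looks_unencrypted(p) is True],
        "directories": sorted({str(p.parent) for p in paths}),
        "first_mtime": min(mtimes) if mtimes else None,
        "last_mtime": max(mtimes) if mtimes else None,
    }


def build_sample_tree():
    """Constructed sample data, not a real infection: a temp directory in which two
    files were fully overwritten and a third was renamed but left intact."""
    root = Path(tempfile.mkdtemp(prefix="shrug2_triage_"))
    (root / "docs").mkdir()
    (root / "pics").mkdir()
    ciphertext = bytes(range(256)) * 4  # stand-in for AES output; no recognizable header
    (root / "docs" / "report.docx.SHRUG2").write_bytes(ciphertext)
    (root / "docs" / "notes.txt.SHRUG2").write_bytes(ciphertext)
    (root / "pics" / "photo.jpg.SHRUG2").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 64)
    (root / "docs" / "readme.txt").write_text("untouched")
    (root / "pics" / "photo.png").write_bytes(MAGIC[".png"] + b"\x00" * 16)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    locked = find_locked_files(root)
    report = summarize(locked)
    print(f"{report['count']} locked files under {root}")
    print("by original extension:", report["by_original_ext"])
    print("renamed but header intact:", report["renamed_only"])
```

Run it against the root of an affected volume instead of the sample tree to get the scope and time window of an attack; files listed under "renamed but header intact" can be restored simply by stripping the extension, while the rest need a decryptor or a backup.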

This HTA pop-up uses a format that is nearly identical to the one popularized by the WannaCryptor Ransomware family, but with some changes: an image from the 'Thomas & Friends' train-themed cartoon, references to the WannaCryptor Ransomware and the Petya Ransomware, and a new, static ransom demand of seventy USD in Bitcoin. Like many of the file-locking Trojans malware experts encounter, the Shrug2 Ransomware also uses a countdown timer to trick victims into believing that not paying will result in the deletion of their media. Hidden Tear provides no such deletion feature, so the timer is a bluff.

Taking Your PC Off of the Train Tracks

The atypical marketing of the Shrug2 Ransomware continues with its distribution tactic: a fake download of the Codex Gigas (a medieval manuscript also referred to as the 'Devil's Bible') that installs the Trojan onto unprotected computers. Hidden Tear and its variants, including the Shrug2 Ransomware, are only compatible with Windows systems, but on most versions of that OS they can block anywhere from dozens to thousands of files quickly and without displaying symptoms that would give the attack away to an observing user. Having a secure backup, stored where the Trojan cannot delete or encrypt it, is a vital defense against both the Shrug2 Ransomware and all Trojans of its general classification.

Any users who don't possess backups, or whose backups have been deleted or encrypted, should contact an anti-malware researcher with experience in file-locking Trojans for help with decrypting their data. Although many versions of Hidden Tear use insecure encryption implementations that a free decryption program can reverse, such software may require updating before it can handle the latest Trojan variant. Qualified anti-malware tools also should delete the Shrug2 Ransomware on sight and provide the safest means of disinfecting your PC and preventing any further damage.

Like the classic hostage scenario of a damsel tied to the train tracks, the Shrug2 Ransomware takes helpless data and puts it at risk for mercenary motives. Unlike people, however, data is something that users can copy and protect easily, which makes the Shrug2 Ransomware a decidedly inferior version of Snidely Whiplash.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Shrug2 Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.


Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

