
Shrug Ransomware

Posted: July 9, 2018

The Shrug Ransomware is a file-locker Trojan that can keep your files from opening by encrypting them. The Trojan also delivers a ransom message to its victims and blocks their access to the rest of the Windows UI. PCs with anti-malware protection should be capable of deleting the Shrug Ransomware immediately, and both backups and free decryption tools can provide data recovery for any victims who require it.

The Trojan Taking Your Money with Emotes

A file-locker Trojan that is distinct from established families, such as EDA2, the Jigsaw Ransomware or the GandCrab Ransomware, is attacking Windows PC users for Bitcoins. The Shrug Ransomware's payload pairs a supposedly impenetrable barricade around the victim's files and OS interface with an encryption routine that is easy to break. While its attacks are potentially threatening to the PC's local data, malware experts note that the Shrug Ransomware has few defensive countermeasures against traditional anti-malware technology.

The Shrug Ransomware's development appears to date back no farther than the current year, and its uncompressed executable is less than a megabyte in size. In a compatible Windows environment, the Shrug Ransomware can encrypt files using an AES algorithm, although malware experts are still determining the bit size of the accompanying key. It adds '.SHRUG' extensions onto the files that it locks, but users may be incapable of accessing Windows Explorer and finding them, due to its second feature.

The other function of the Shrug Ransomware's payload blocks the screen by creating a borderless pop-up window. This screen-locking message delivers a 'shrug' emoticon or emoji, a Bitcoin ransom demand worth 50 USD, and a field for validating the payment and unlocking your media. Even though the Shrug Ransomware's encryption method is not secure or sophisticated, users may be incapable of terminating the pop-up or changing focus to another window to interact with any other programs or their files.

Shrugging Out of Your File-Opening Problems

Researchers are offering decryption assistance for the Shrug Ransomware, and users struggling with the encryption of their files should be able to recover them without needing to consider any ransoms. Because the Shrug Ransomware may impede essential access to the user interface, malware experts suggest restarting your PC with the Safe Mode feature enabled or booting from a secondary hard drive (such as a recovery USB) before taking any further actions. Having backups on other PCs can also provide recovery options in case the Shrug Ransomware updates or re-secures its encryption feature at a later time.
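For scoping a recovery from Safe Mode or a recovery boot, the following Python script (an added example, not part of the original article or any vendor tool) lists files carrying the '.SHRUG' extension and marks which ones have a clean copy in a backup folder and which would need the decryptor. It assumes the extension is appended to the full original file name; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".shrug"  # extension named in the article; matched case-insensitively


def inventory(root, backup_root=None):
    """Return one record per file under root that carries the .SHRUG suffix.

    Assumption: the suffix is appended to the whole original name
    (report.docx -> report.docx.SHRUG), so stripping it gives the original.
    """
    root = Path(root)
    records = []
    for dirpath, _dirs, files in os.walk(root):  # unreadable folders are skipped
        for name in sorted(files):
            if not name.lower().endswith(LOCKED_SUFFIX):
                continue
            locked = Path(dirpath) / name
            original = (locked.parent / name[: -len(LOCKED_SUFFIX)]).relative_to(root)
            # A file is restorable if the backup holds the same relative path.
            in_backup = bool(backup_root) and (Path(backup_root) / original).is_file()
            records.append({
                "locked": str(locked),
                "original": str(original),
                "size": locked.stat().st_size,
                "recovery": "backup" if in_backup else "decryptor",
            })
    return records


def summarize(records):
    """Count locked files per recovery route and per original file type."""
    by_route = Counter(r["recovery"] for r in records)
    by_type = Counter(Path(r["original"]).suffix.lower() or "(none)" for r in records)
    return {"total": len(records), "by_route": dict(by_route), "by_type": dict(by_type)}


def demo():
    """Run the inventory over a small constructed tree (not real infection data)."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (live / "docs" / "report.docx.SHRUG").write_bytes(b"x" * 32)
        (live / "photo.jpg.shrug").write_bytes(b"y" * 16)
        (live / "notes.txt").write_text("untouched")
        (backup / "docs" / "report.docx").write_text("clean copy")
        return summarize(inventory(live, backup))
```

The script only reads file names and sizes, so it can be pointed at the affected drive from the recovery environment before anything is restored or decrypted.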

The Shrug Ransomware also has almost no significant obfuscation against the current threat-detection metrics of various anti-malware products, which should block and quarantine or delete it automatically. The infection techniques that malware experts are confirming for high rates of abuse this year include spam e-mails (often with attached, corrupted documents) and brute-force attacks against network logins. A majority of anti-malware solutions should delete the Shrug Ransomware securely and prevent the encryption from happening in most cases where the threat actor doesn't disable all security software beforehand.

With attacks that keep the idea of paying criminals for a solution at the forefront of the screen, it could be easy to assume that the ransom is the only way out of a Shrug Ransomware infection. However, playing a criminal's game always ends with the victim losing and spending money when the best resolution method is free of charge.
