
Shutdown57 Ransomware

Posted: August 7, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 12
First Seen: August 7, 2017
Last Seen: September 10, 2021
OS(es) Affected: Windows

The Shutdown57 Ransomware is a Trojan that encrypts the files on your PC and creates messages asking for money to unlock them. Its attacks may be targeting server-based systems, such as those of unprotected small businesses, which would allow the Trojan to lock and ransom large quantities of valuable data. Using secure login protocols, implementing comprehensive backups, and having anti-malware programs able to delete the Shutdown57 Ransomware as quickly as possible are all ideal steps for dealing with this threat.

A System Shutdown with a Little AES on the Side

For a threat actor in need of new code, 'open-source' is a term that often equates to 'free Trojans.' Previous campaigns leveraging encryption as a way to extort money often came from families like Hidden Tear and EDA2, which, in theory, were provided out of good intentions. Now, another family may be springing up out of purely harmful intent, thanks to the bug7sec team. This group of threat actors has been the origin point for several threats in the past months, including the Shutdown57 Ransomware.

Based on the evidence available to malware analysts so far, the Shutdown57 Ransomware appears to be introduced to new systems manually. The threat actors compromise a server through other methods, such as phishing for login data or using a brute-force program. Then, they install and run the Shutdown57 Ransomware manually. At run time, the con artists specify a key for the Shutdown57 Ransomware to use with its AES-based encryption function, which enciphers and blocks various file formats on the server.

The Shutdown57 Ransomware flags any files it locks with '.shutdown57' extensions before creating a PHP ransom note. Once the payload completes, the threat actor may uninstall the Shutdown57 Ransomware to eliminate any evidence of the security breach. Although the Shutdown57 Ransomware's administration panel does include a decryption function, malware analysts have not been able to confirm whether or not this feature works as advertised for restoring the victim's files.
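As an added example (not code from the original page or from the threat actors), the following Python hunt script walks a file tree for the '.shutdown57' extension the Trojan appends and uses byte entropy to separate likely AES ciphertext from files that were merely renamed; the directory it builds is a constructed fixture, not a real sample.

```python
import math
import os
import tempfile
from pathlib import Path

SHUTDOWN57_EXT = ".shutdown57"   # extension the Trojan appends to each encrypted file
HIGH_ENTROPY = 7.5               # bits/byte; AES ciphertext sits near 8.0, documents well below


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def scan_for_shutdown57(root: str, sample_size: int = 4096) -> list[dict]:
    """Report every file under root that carries the '.shutdown57' extension, noting the
    suffix hidden under it and the entropy of its first bytes, which separates likely
    AES ciphertext from a file that was only renamed."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SHUTDOWN57_EXT):
                continue
            path = Path(dirpath) / name
            with open(path, "rb") as fh:
                entropy = shannon_entropy(fh.read(sample_size))
            findings.append({
                "path": str(path),
                "original_suffix": Path(name[: -len(SHUTDOWN57_EXT)]).suffix,
                "entropy": round(entropy, 2),
                "looks_encrypted": entropy >= HIGH_ENTROPY,
            })
    return findings


def build_sample_tree() -> str:
    """Constructed fixture, not a real sample: one encrypted-looking file, one untouched."""
    root = tempfile.mkdtemp(prefix="shutdown57_demo_")
    (Path(root) / "invoices").mkdir()
    # Stand-in for AES output: 4 KiB of OS randomness under the appended extension.
    (Path(root) / "invoices" / "q2.xlsx.shutdown57").write_bytes(os.urandom(4096))
    (Path(root) / "readme.txt").write_text("ordinary low-entropy text\n" * 100)
    return root
```

A low-entropy hit is worth a closer look, since it would mean the extension was applied without the AES step the page describes.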

Shutting Down File-Extorting Attempts before They can Happen

Attacks like the Shutdown57 Ransomware's campaign often depend on pre-existing security flaws to compromise a target and its file data. Weak passwords are at high risk from brute-force software that lets con artists test large numbers of login combinations quickly, and phishing tactics may collect login information under misleading pretexts. Additionally, encryption attacks are most effective against targets without secure backups, since Trojans like the Shutdown57 Ransomware can delete or encrypt local backups without much difficulty.

It's up to a PC's user to practice good password-maintenance habits, but most anti-malware products can identify threats capable of installing file-encoding Trojans through disguised methods, such as e-mail attachments or fake software updates. Victims who are trying to recover from Shutdown57 Ransomware infections also may wish to quarantine and preserve copies of the threat and any related files that malware researchers could use for exploring the chances of developing a free decryption solution. Until that happens, users should back up their media and have anti-malware programs for uninstalling the Shutdown57 Ransomware safely and promptly.

The Shutdown57 Ransomware could be just the crest of a wave of new Trojans arising from the same code, which is freely available. Although threat actors inevitably have the numbers on their side, fortunately, the most appropriate defenses against harmful encryption scenarios are just as broadly applicable as the code that the Shutdown57 Ransomware is 'borrowing.'
