Ransomware removal experts have found a new threat in the security space: Shrug Ransomware. The ransomware is considered dangerous because it spreads through drive-by attacks.
A drive-by attack is a cyber attack in which hackers plant malicious code on a website. Those who visit the site are then infected with Shrug Ransomware. According to ransomware removal experts, this is dangerous because, unlike other ransomware where victims have to download an attachment or click a harmful link, users can be infected simply by visiting a website while surfing the Internet.
Ransomware removal experts first noticed Shrug Ransomware in the first week of July, when they discovered it in many hoax apps and games distributed on the Internet as well as on mobile application stores. Victims' files are locked and given the .shrug extension. Once the ransomware has infiltrated the system and encrypted the files, users are confronted with a ransom note.
Analysis of the Ransom Note
Ransomware removal experts found that the ransom note consistently taunts victims. The note acknowledges the presence of ransomware on the victim's PC and demands a ransom of $50 worth of Bitcoin in return for access to the locked files. The attacker refers to themselves as “Martha”.
Since many users have no knowledge of cryptocurrencies and Bitcoin, many ransom notes include concise but thorough details on purchasing and transferring funds. Shrug’s ransom note likewise provides instructions on how to purchase Bitcoin and transfer the funds to the hackers’ wallets. Like other ransom notes, Shrug’s also contains a threat to delete the locked files if the victim fails to comply with the demands.