Shrug Ransomware

Shrug Ransomware is a malicious application that uses the so-called shrug emoji when displaying a ransom note. The malware’s message claims all the user’s essential files were encrypted and in order to get them back, he has to pay a ransom of 50 US dollars. In return, the hackers behind this threat promise to send instructions on how to unlock the infected computer’s screen and decrypt affected files. We would not advise trusting these people as chances are they could be trying to scam you. Not to mention, it appears to be the malicious application is decryptable as the volunteer IT specialists managed to create a working decryption tool. Meaning, instead of paying the ransom you could try searching the Internet for the mention means to unlock your enciphered data. However, users should be cautious while searching for it because harmful sites might offer fake decryptors, so it is best to look for reputable sites only. If you continue reading the article, we will tell you more about Shrug Ransomware and to erase it manually you could use the instructions available below.

Like many other ransomware applications, Shrug Ransomware should be spread through malicious Spam emails, fake software setup files, and so on. This is why to protect the system against such threats our researchers recommend not to open untrustworthy data downloaded from torrent and other similar unreliable web pages or received via email. If you feel you must open the file for any reason, but you suspect it could be harmful, the best idea would be to scan it with a reliable antimalware tool of your choice. Unfortunately, once the infected file is launched the malware should start encrypting his data almost immediately. According to our researchers, Shrug Ransomware targets various personal files, for example, user’s photographs, videos, archives, and so on.

The next step is locking the user’s screen to prevent him from accessing his computer. The message on top of the locked screen is called ransom note. It might say you cannot unlock the screen without the help from the malicious application’s developers, but the truth is the screen can be easily unlocked by restarting the computer. As you see, the Shrug Ransomware does not create a specific Registry entry that would make the system launch the malware automatically. Therefore, by restarting the computer, the victim should kill the infection’s process, and the screen would only be blocked if the user would relaunch the malware’s installer. Thus, provided you do not make the same mistake, restarting the system should do the trick.

Another thing you might have noticed while reading the Shrug Ransomware’s ransom note is all your personal files were encrypted and to get them back you could be asked to pay a ransom in Bitcoins. As the malicious application’s creators say, the sum should be equal to 50 US Dollars. It could seem like a small amount, and your files might be worth risking it, but as we explained earlier, there is a chance you may not have to risk it. At the moment of writing, our researchers report there is a decryption tool available online free of charge. Users should be aware of the fact volunteer IT specialists developed it, and it can be obtained through a particular legitimate website. What we are trying to say is if you need this tool, you should look for it carefully and try avoiding malicious web pages suggesting fake decryption tools.

Moreover, we should mention all encrypted files can be replaced with backup copies. In other words, if the victim was smart enough to backup all essential files he might not have to depend on any decryptors. Just make sure you erase Shrug Ransomware properly before uploading any copies to keep them safe. More experienced users could try deleting the malware with our manual removal instructions available below. On the other hand, if you do not think you are skilled enough for such a task you could acquire a reliable antimalware tool instead of complete our provided steps and use it to get rid of the threat.

Eliminate Shrug Ransomware

1. Restart the computer to unlock the screen and kill the malicious application’s process.
2. Press Win+E.
3. Check the following paths:
   %TEMP%
   %USERPROFILE%\Downloads
   %USERPROFILE%\Desktop
4. Locate the malware’s installer (file opened before receiving the threat).
5. Right-click the suspected file and pick Delete.
6. Close File Explorer.
7. Press Win+R.
8. Insert Regedit and select OK.
9. Navigate to HKEY_CURRENT_USER
10. Search for a key titled Shrug, right-click it and press Delete.
11. Close Registry Editor.
12. Empty Recycle Bin.
13. Restart the system once more.