- Can't be uninstalled via Control Panel
- Installs itself without permissions
- Connects to the internet without permission
ShinoLocker Ransomware was developed as educational software that allows you to create ransomware and test the capability of a security tool installed on the system. It was first shown to the public during a presentation at the Black Hat 2016 event. A unique version of ShinoLocker Ransomware can still be created on its dedicated website. The problem is that the software could also be used by actual cyber criminals. Further in the article, we will present more details about the ransomware. We hope this will help you understand how the malware should work and how cyber criminals could modify it. We will also add removal instructions for users who want to eliminate the threat manually.
The educational ransomware was created by a security researcher known as Shota Shinogi. According to the description on the blackhat.com website, the software was designed to “test your security performance against ransomware with it.” It also says that it acts “just like a real ransomware but does not ask for any money to get the crypt key.” Although the software was created with good intentions, cyber criminals might still release modified versions.
As we said earlier, ShinoLocker Ransomware’s source is a website called shinolocker.com. The site has instructions and also a video that shows how the software works. Apparently, the site contains a window where you can alter some parameters or leave the default ones. For example, users can choose the file types that the ransomware would encrypt, and set it either to delete shadow copies or to leave them. All that is left then is to click the “Build” button, which downloads the malicious program’s file. Originally, as you launch the file, ShinoLocker Ransomware should start the encryption process. There should be a window called “ShinoLocker” as well. It shows the progress and the encrypted files, and below them there are three steps that users should follow to decrypt their locked data.
The bad news is that anyone can get the software’s source code and create a unique variant of ShinoLocker Ransomware. Thus, cyber criminals could change not only the malware’s title but also its appearance. In that case, the victim might be unable to recognize the threat. Moreover, they could alter the code so that the malicious application displays a ransom note demanding that users pay for the decryption key.
To make matters worse, it is also possible to develop a version without any safety switches. The educational variant was created in such a way that if anything goes wrong, the user would be able to recover the encrypted data. To be more precise, the original malware from the website should place copies of encrypted data inside the user’s Recycle Bin. Thus, if users are unable to decrypt their data, it can still be recovered from the Recycle Bin. Nonetheless, as we mentioned before, versions built by cyber criminals might not come with such safety switches.
If you download the educational version from the official site, the malicious file should be placed where you chose to save it. Nevertheless, the malware should make a copy of the file and place it in one of the folders on the system. Of course, in this case, the malicious program should remove itself once it decrypts your data. However, in case you receive a modified variant, it is better to know how to erase it manually. To eliminate the malware, you would have to delete not only the infected file that you saved in the Downloads, Desktop, or other directories but also its copy. The instructions below will guide you through the process. ShinoLocker Ransomware can also be removed with a legitimate antimalware tool. Just install the tool, launch it, and perform a system scan. When the results show up, click the deletion button, and the threat will be erased.
Eliminate ShinoLocker Ransomware