Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Shadow Ransomware

The Shadow ransomware is a nasty computer infection whose only goal is to deceive you into paying a certain amount of money in return for access to your encrypted data. The infection locks your files by encrypting them so that you cannot use them as usual. Upon encryption, the threat displays a so-called ransom warning, which is also available as a separate file (payday.hta) in the %APPDATA% directory. The Shadow ransomware should be removed from the computer without paying attention to its warning. This piece of ransomware is another attempt by schemers to increase their profits, and you should not give in to the temptation to check whether the crooks behind the infection will do what they promise.

The Shadow malware targets an array of file formats, including .exe, .txt, and other commonly used files. Interestingly, the infection does not affect files located in the C:\Windows directory. Even so, having the Shadow ransomware on the computer means that you can barely do anything with your data.

The Shadow ransomware is part of the BTCware ransomware family, which includes the Nuclear ransomware and some other threats. All these threats have almost identical user interfaces and file extensions that are added to encrypted files. For example, the Shadow ransomware appends the extension [paypdayz@cock.li]-id-668, the email address in which may vary. Similar templates for file extensions are used by the counterparts of this ransomware.
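The two indicators described above, the payday.hta ransom note in %APPDATA% and the extension appended to encrypted files, can be checked with a read-only scan. The script below is an added example, not part of the original article; its pattern is built from the single extension shown on this page, and the assumption that the number after "-id-" varies is ours.

```python
import os
import re
from collections import defaultdict

# Built from the single example on the page, "[paypdayz@cock.li]-id-668":
# a bracketed e-mail address (the page says it may vary), "-id-", then digits.
# Assumption: the number after "-id-" also differs between infections.
APPENDED_EXT = re.compile(r"\[([^\[\]\s@]+@[^\[\]\s@]+)\]-id-(\d+)$")
RANSOM_NOTE = "payday.hta"  # ransom note file name given on the page


def parse_appended_ext(filename):
    """Return (contact_email, id_number) if the name ends with the pattern, else None."""
    m = APPENDED_EXT.search(filename)
    return (m.group(1).lower(), m.group(2)) if m else None


def scan(root, appdata=None, skip=()):
    """Read-only walk of root; returns ({contact: [paths]}, ransom_note_path_or_None)."""
    skip = {os.path.normcase(os.path.abspath(s)) for s in skip}
    hits = defaultdict(list)
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda err: None):
        # Prune excluded directories (the page notes C:\Windows is left untouched).
        dirnames[:] = [d for d in dirnames
                       if os.path.normcase(os.path.abspath(os.path.join(dirpath, d))) not in skip]
        for name in filenames:
            parsed = parse_appended_ext(name)
            if parsed:
                hits[parsed[0]].append(os.path.join(dirpath, name))
    note = None
    appdata = appdata or os.environ.get("APPDATA")
    if appdata and os.path.isdir(appdata):
        # The page places the note directly in %APPDATA%; compare case-insensitively.
        for entry in os.listdir(appdata):
            if entry.lower() == RANSOM_NOTE:
                note = os.path.join(appdata, entry)
    return dict(hits), note


if __name__ == "__main__":
    found, note = scan(os.path.expanduser("~"), skip=[r"C:\Windows"])
    print("ransom note:", note or "not found")
    for contact, paths in sorted(found.items()):
        print(f"{contact}: {len(paths)} file(s) carry the appended extension")
```

Grouping the hits by the e-mail address in the extension shows how many files were renamed and which contact address this particular infection used.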

According to the ransom warning, you have to contact someone at paydayz@cock.lt to find out the amount of money that has to be paid as a ransom. The infection's ransom warning does not provide the exact sum, which is said to differ depending on how quickly you reach out to the attackers. A typical ransom warning would give the sum of money, which usually varies from $50 to $200. However, the latest infections, including Shadow ransomware, show that ransomware tendencies are shifting to new standards. Nevertheless, there is no reason to get involved with the crooks. The attackers want to receive the ransom in Bitcoin, which is a currency that has been highly popular among cyber criminals in recent years. The Bitcoin currency is not governed or owned by any authority. Moreover, it is used anonymously, which is probably one of the key factors for those in the underground market.

In order to encourage you to make a Bitcoin payment, the attackers offer to decrypt up to 3 files with a total size of up to 1 MB. Even if they decrypt those files, that does not prove that your payment will result in data decryption. Instead of wasting your money, you should remove the Shadow ransomware.

Before we expand on the removal of the Shadow ransomware, it is worth mentioning some preventative measures against malware. Without a doubt, a computer needs a reputable security tool, but you should also be aware of the possible ways malware is distributed so that you can minimize the risk of becoming a target of computer infections. Malware is distributed by email, including spam and phishing emails, so you should be very critical of every suspicious-looking email you receive. Software bundles accessible on freeware sharing websites are also used to spread malware. Sometimes, instead of some program, you may get a computer infection, such as a Trojan horse or adware, so it is always useful to do some research on the selected software. It is also essential to keep the operating system updated. The same applies to software, which has also been used as a means of accessing the computers of unsuspecting users.

When it comes to removal, you have two options. Below you will find our removal guidelines, which should help you understand what needs to be done. Manual removal is easy in the present case because the Shadow threat does not spread its components across the OS. However, manual removal aside, a reputable security tool can do more. Your PC needs protection against multiple threats, including data-stealing Trojan horses, browser hijackers, adware, etc. Hence, we advise you to use our recommended tool, which eases your browsing sessions so that you do not have to worry about potential threats.

How to remove the Shadow ransomware

  1. Find questionable files on the desktop and delete them.
  2. Check the Downloads folder for malicious files and delete any that you find.
  3. If you have other locations to which files are downloaded, check them all for questionable files.
  4. Empty the Recycle bin.



