Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Shrug2 Ransomware

Shrug2 Ransomware does not offer a simple shrug. It offers misery and despair. That is because this malicious threat encrypts personal files, and it is unknown if it is even possible to decrypt them. According to our research team, there is a possibility that more information will come in the future, but, in the meantime, we cannot offer you any solution to recover files. Of course, if backups exist (preferably outside the operating system), you do not need to recover the encrypted files because you can use the copies. If you do not use backups, you should set them up as soon as possible. You can purchase an external drive that is big enough for your needs, or you can use one of the many available cloud storage services (e.g., Dropbox or Google Drive). Malware, technical issues, and theft of the device could all lead to the loss of personal data, which is why you want to have it backed up at all times. If backups do not exist, you are in trouble, as you cannot recover files by removing Shrug2 Ransomware. That being said, you must delete this threat, and you must do it as soon as possible.

There is no doubt that Shrug2 Ransomware is a new variant of Shrug Ransomware, but this malware has an upgraded look, and it affects more files than the original version. According to our analysts, the second version can corrupt 76 types of files on the C:\ drive, including those with JPG, DOC, AVI, TXT and RAR extensions. Speaking of extensions, when the infection encrypts files, it adds “.SHRUG2” to the original names. Once the files are fully corrupted, Shrug2 Ransomware drops a file named “@ShrugDecryptor@.lnk” onto the Desktop. This file launches the ransomware window entitled “ShrugDecryptor.” The timer on the left gives three days to take action, after which the corrupted files are deleted. This is not just an empty threat. This malicious ransomware actually can delete files, although that does not really matter if it is not possible to restore them in the first place. That being said, there is no denying that the infection is powerful. The window also contains a message that our research team identifies as the “ransom note.” You can read it, but you should not obey the demands that are made via it. If you do, you are likely to lose more than you could gain.

The ransom note is meant to convince you that you need the so-called decryption service. It claims that the recovery of files is guaranteed if you follow the instructions and pay a ransom, but the fact is that there are no guarantees, just the word of cyber criminals. The ransom is not big. In fact, it is just 70 USD. That is not an insignificant sum, but if you compare it to the ransoms requested by GandCrab4 Ransomware (~1200 USD), Jewsomware Ransomware (600 EUR), or The Brotherhood Ransomware (100 BTC or ~736,000 USD), it is small. Victims are asked to pay it to the 1Hr1grgH9ViEgUx73iRRJLVKH3PFjUteNx Bitcoin Wallet. So far, no money has been transferred to this address. The ransom note also includes a suggestion to uninstall antivirus software because it could, allegedly, delete the window during the decryption process. Well, it is unlikely that such software is installed at all if Shrug2 Ransomware managed to slither in. Keep in mind that protecting your system is important because many different kinds of security vulnerabilities can be used by malware distributors.

When Shrug2 Ransomware invades your system (most likely, via spam emails) and encrypts your files, it also gathers information about your operating system. This information will be stored until you delete the threat and its malicious components. So, how should you go about this? Can you delete Shrug2 Ransomware manually? That depends on your skills and experience. If you are not able to find the executable that launched the infection, you will not succeed. Of course, manual removal should be performed in certain cases only. The majority of users should employ anti-malware software to handle the removal. The fact is that malware got in, which means that it could happen again. The right anti-malware software can ensure that you and your personal files are safe, and so it is high time you installed it. An added bonus is that this software can automatically remove the malicious ransomware and other threats if they exist.

Shrug2 Ransomware Removal

  1. Tap keys Ctrl+Alt+Delete.
  2. Select Start Task Manager.
  3. Click the Processes tab.
  4. Right-click the malicious {random name} process (only if you recognize it) and select Open File Location.
  5. End Process in the Task Manager and Delete the {random name}.exe file.
  6. Tap keys Win+E to launch Explorer.
  7. Enter %USERPROFILE%\Downloads, %USERPROFILE%\Desktop, and %TEMP% into the bar at the top (one at a time) to look for malicious files. If you find them, Delete them.
  8. Go to the Desktop and Delete the file named @ShrugDecryptor@.lnk.
  9. Tap keys Win+R to launch RUN.
  10. Enter regedit.exe to launch Registry Editor.
  11. In the pane on the left move to HKEY_CURRENT_USER.
  12. Delete the key named ShrugTwo.
  13. Empty Recycle Bin and quickly employ a legitimate malware scanner to inspect the system for leftovers.
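
The artifacts named in the steps above (the ".SHRUG2" extension, the @ShrugDecryptor@.lnk shortcut, the ShrugTwo registry key, and the folders from step 7) can be checked before any manual cleanup. The PowerShell below is an added example, not part of the original guide: it is read-only, it assumes the ShrugTwo key sits directly under HKEY_CURRENT_USER as the steps describe, and the function name Get-Shrug2Indicator and the result caps are made up for this example.

```powershell
# Added example: read-only check for the Shrug2 artifacts named in the removal steps.
# Nothing is deleted; the script only reports what it finds.

function Get-Shrug2Indicator {
    [CmdletBinding()]
    param(
        # Root to search for renamed files; the article says the C:\ drive is affected.
        [string]$SearchRoot = 'C:\',
        # Cap on listed files so the report stays readable (assumed value).
        [int]$MaxFiles = 25
    )

    $desktop = [Environment]::GetFolderPath('Desktop')
    $lnkPath = Join-Path $desktop '@ShrugDecryptor@.lnk'
    # Assumption: the key sits directly under HKEY_CURRENT_USER, as the steps describe.
    $regPath = 'HKCU:\ShrugTwo'

    # Files renamed by the infection carry the .SHRUG2 extension.
    $encrypted = @(Get-ChildItem -LiteralPath $SearchRoot -Filter '*.SHRUG2' -File -Recurse -Force -ErrorAction SilentlyContinue |
        Select-Object -First $MaxFiles -ExpandProperty FullName)

    # Executables in the folders from step 7, newest first, for manual review only.
    $reviewDirs = @((Join-Path $env:USERPROFILE 'Downloads'), $desktop, $env:TEMP)
    $recentExe = @(Get-ChildItem -LiteralPath $reviewDirs -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 10 FullName, LastWriteTime)

    [pscustomobject]@{
        RansomShortcutPresent = Test-Path -LiteralPath $lnkPath
        RegistryKeyPresent    = Test-Path -LiteralPath $regPath
        EncryptedFileSample   = $encrypted
        ExecutablesToReview   = $recentExe
    }
}

$report = Get-Shrug2Indicator
$report | Format-List
if ($report.RansomShortcutPresent -or $report.RegistryKeyPresent -or $report.EncryptedFileSample.Count -gt 0) {
    Write-Warning 'Shrug2 indicators found; follow the removal steps or run an anti-malware scan.'
}
```

The ExecutablesToReview list is not a verdict: it only surfaces recently written .exe files in the folders from step 7 so they can be inspected by hand.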
