Remove ShutUpAndDance Virus and Restore .ShutUpAndDance Files


The ShutUpAndDance Virus is a basic ransomware strain of the Hidden Tear family. The security analysis shows that this is the initial release of the threat; future updates are expected in coordinated attacks. Our article provides an overview of the virus operations and may also be helpful in attempting to remove the virus.

Threat Summary

Name: ShutUpAndDance Virus
Type: Ransomware, Cryptovirus
Short Description: The ransomware encrypts sensitive information on your computer system, marks the files with the .ShutUpAndDance extension and demands a ransom to be paid to allegedly recover them.
Symptoms: The ransomware will encrypt your files with a strong encryption algorithm.
Distribution Method: Spam Emails, Email Attachments

ShutUpAndDance Virus – Distribution Ways

As soon as the ShutUpAndDance virus infection begins, the main module will start to run its prescribed behavior pattern. The security investigation reveals that it is based on the Hidden Tear ransomware family. As such, its behavior can be fine-tuned for each target campaign.

The ShutUpAndDance virus has been captured in a limited attack campaign targeting mainly English-speaking computer users. We anticipate that in future attacks the hackers behind it will utilize a whole array of infection tactics.

A common way to spread this threat is to send out phishing email messages. They are designed to intentionally confuse the users into thinking that they have received a message from a well-known company or a service that they use. They can either attach the virus files or link them in the body of the emails.

A similar technique is the use of malicious download sites that attempt to mimic legitimate download portals. Along with the email messages they are among the most popular ways of spreading infected payloads of which there are two main types:

  • Malicious Setup Files — The criminals can include the ShutUpAndDance virus in installers of popular software. This is done by taking the original files from the official vendor sites and bundling the malicious code into them. The hackers typically choose popular user choices — system utilities, productivity applications or creativity suites.
  • Documents — A similar technique can be used with document files: text files, spreadsheets, presentations and databases. Once they are opened by the users a notification prompt appears which will ask them to enable the built-in scripts. If this is done the virus infection will begin.

A browser hijacker infection can be another method for deploying the threat. It relies on the creation of malicious plugins made for the most popular browsers, which are then usually uploaded to the relevant repositories. The hackers can use fake developer credentials and user reviews along with a detailed description to coerce the users into installing the browser hijackers. They are called that way because they modify the default settings (home page, new tabs page and search engine) to redirect the users to a hacker-controlled page. Once this is complete the associated behavior pattern will be run, which includes the virus deployment.

ShutUpAndDance Virus – In-Depth Analysis

The ShutUpAndDance virus is a new strain belonging to the Hidden Tear ransomware family. As this is one of the most popular choices for creating custom threats, we presume that the hacker or criminal collective behind it is not very experienced. Hidden Tear is well-known for having a modular framework allowing all kinds of modifications.

At the moment the captured samples contain only the ransomware engine which is the simplest form of a Hidden Tear threat. Following previous strains of the same family we presume that a classic infection behavior will be implemented.

Such attacks can begin with a data harvesting module. It is programmed to look for specific strings that can be extracted from the infected system. This component can reveal the victim’s identity by looking for strings such as their name, address, phone number, location, interests, etc. The same technique can also be used to harvest infection campaign metrics which are useful to the hackers: hardware components, user settings and certain values set by the operating system. The collected information can be used to scan the local system for any applications or services that can interfere with the proper virus execution. The component looks for signatures belonging to anti-virus programs, sandbox environments or virtual machine hosts.

Hidden Tear threats are capable of causing a wide range of system modifications. A common scenario is to program modifications to the Windows Registry — existing entries can be changed and new ones can be created. When this affects the operating system values the users can experience overall performance issues. Targeting individual services or user-installed applications can lead to the inability to use certain functions.

The ShutUpAndDance virus can be installed as a persistent threat by modifying the boot options. As a result the malicious engine will be started every time the computer is powered on and access to the recovery menu will be disabled.

Advanced virus infections can also lead to the installation of a Trojan module. The classic case involves the setup of an encrypted connection to a hacker-controlled server. It is used by the criminals to spy on the victim users, take over control of their machines at any given time or deploy additional threats.

ShutUpAndDance Virus — Encryption

Like other Hidden Tear-based viruses, its main goal is to encrypt target user data based on a built-in list of file type extensions. Most common ransomware tends to target popular data such as the following:

  • Archives
  • Backups
  • Documents
  • Images
  • Music
  • Videos

All encrypted user data is renamed with the .ShutUpAndDance extension. The accompanying ransomware note is called READ_IT.txt and reads the following message:

[email protected]
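
To scope the damage with the two indicators named above (the .ShutUpAndDance extension and the READ_IT.txt note), the following read-only triage script walks a directory tree and summarises what it finds. It is an added example, not part of the original article or of any vendor tool; the name `scan_tree`, the assumption that the extension is appended to the original file name, and the use of modification times to bracket the encryption run are choices made here.

```python
import os
import sys
from datetime import datetime, timezone

ENCRYPTED_EXT = ".shutupanddance"  # extension from the article, matched case-insensitively
NOTE_NAME = "read_it.txt"          # ransom note name from the article


def scan_tree(root):
    """Walk root and summarise files carrying the article's two indicators."""
    encrypted, notes, errors, mtimes = [], [], [], []
    original_types = {}
    for dirpath, _dirs, files in os.walk(root, onerror=errors.append):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                # Assumption: the extension is appended (report.docx.ShutUpAndDance),
                # so the suffix in front of it is the original file type.
                stem = name[: -len(ENCRYPTED_EXT)]
                kind = os.path.splitext(stem)[1].lower() or "(none)"
                original_types[kind] = original_types.get(kind, 0) + 1
                try:
                    mtimes.append(os.stat(path).st_mtime)
                except OSError as exc:  # unreadable file: record it, keep scanning
                    errors.append(exc)
    # Assumption: mtimes of encrypted files bracket the time the encryption ran.
    window = None
    if mtimes:
        window = tuple(datetime.fromtimestamp(t, timezone.utc)
                       for t in (min(mtimes), max(mtimes)))
    return {"encrypted": encrypted, "notes": notes, "errors": errors,
            "original_types": original_types, "window": window}


if __name__ == "__main__":
    report = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"encrypted files: {len(report['encrypted'])}")
    print(f"ransom notes:    {len(report['notes'])}")
    print(f"original types:  {report['original_types']}")
    if report["window"]:
        first, last = report["window"]
        print(f"modified between {first.isoformat()} and {last.isoformat()}")
    for err in report["errors"]:
        print(f"could not read: {err}", file=sys.stderr)
```

The script only reads directory entries and file metadata, so it can be pointed at a mounted disk image or a backup share to compare which folders were reached.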

Remove ShutUpAndDance Ransomware Virus and Restore .ShutUpAndDance Files

If your computer got infected with the ShutUpAndDance ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.


To remove ShutUpAndDance Virus follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove ShutUpAndDance Virus files and objects
2. Find files created by ShutUpAndDance Virus on your PC

Before starting the Automatic Removal below, please boot back into Normal mode, in case you are currently in Safe Mode.
This will enable you to install and use SpyHunter 5 successfully.

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by ShutUpAndDance Virus

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
