This ransomware, created for a Black Hat 2016 presentation, uses AES-128. This “beautiful” piece of malware uses a C&C server that provides, for free, the decryption key for the files ShinoLocker has encrypted. It was made primarily so that people can study the activities of ransomware, and hence hopefully to increase ransomware awareness and improve protection mechanisms worldwide. This is surely a great start for the imaginary defensive line that aims to protect users and businesses against this new type of crime, which has seen a revolutionary rise. We have decided to look into this virus, created by Shota Shinogi from Japan, and explain what it does for informative purposes.
|Short Description||This ransomware simulator, created for penetration testing, encrypts the files of affected users, leaving them unopenable. It uses an AES-128 cipher. It doesn’t require any payoff for file decryption and provides everything on the website shinolocker.com.|
|Symptoms||Encrypts files and changes their icon to a green padlock. Encrypted files can no longer be opened.|
|Distribution Method||Via conventional ransomware replication methods.|
ShinoLocker Ransomware Simulator In Depth
As is typical for a ransomware virus, ShinoLocker uses a strong algorithm to encrypt files: the AES cipher with a 128-bit key. The malicious file of the virus can be downloaded from the official website of ShinoLocker, shinolocker.com.
Similar to the ransomware sold illegally online as ransomware kits, ShinoLocker lets the user configure what will be encrypted and what he or she wants the fake virus to do.
As soon as the green “Build” button is clicked, the virus is downloaded as an executable on the simulated victim’s computer.
After infection, the files are encrypted and can no longer be opened. The creator of this virus has kindly published a decryption key page where simulated victims can paste their identification and decryption key to unlock their files and make them usable again.
We strongly advise anyone who downloads and uses ShinoLocker for penetration testing, or simply to research and see how it works, to do so in any case only on a virtual drive or on a computer where they do not keep important files.
Furthermore, for the encryption to work successfully and the AES key to be generated without a hiccup, researchers suggest disabling any antivirus protection since this virus
If you are doing research on the virus, we urge you to watch this video on YouTube instead of spending your time downloading its files to check the infection process.
How Ransomware Like ShinoLocker May Be Distributed
Viruses like ShinoLocker use different methods to spread. For cyber-criminals, any method is viable as long as the malicious file of the virus is dropped onto the hard drive of your computer. This is why they often turn to different methods to spread ransomware:
- E-mail spam.
- Referral spam on websites.
- Skype spam.
- Facebook spam.
- Other malware.
- Hands-on approach.
- Rely on PUPs and adware to cause redirects on affected computers.
Whatever the case may be, and from whichever direction the attack may come, there are certain tips we recommend following to stay protected from ransomware nowadays:
1. Follow these general protection tips.
2. Download an advanced malware protection program.
3. Download a relevant ransomware protection program.
4. Download a relevant cloud backup program that backs up copies of your files to a secure server, so that you stay protected even if your computer is affected.
ShinoLocker and Ransomware In General – Conclusion
Ransomware viruses have become an even greater menace than they were in previous years. So-called cyber-crime syndicates have arisen to make money illegally, making this a new chapter in organized crime. Since the attacks are so many, white hat hackers and malware researchers are desperately fighting against ransomware, but they are helpless against the military-grade encryption algorithms created to protect us from ourselves. The best thing that can be done is to unite and raise awareness, to jointly develop newer and newer protection methods, and to pay serious attention to the ransomware menace, because nowadays this is a war brought directly to our homes and computers.
- Guide 1: How to Remove ShinoLocker from Windows.
- Guide 2: Get rid of ShinoLocker from Mac OS X.
- Guide 3: Remove ShinoLocker from Google Chrome.
- Guide 4: Erase ShinoLocker from Mozilla Firefox.
- Guide 5: Uninstall ShinoLocker from Microsoft Edge.
- Guide 6: Remove ShinoLocker from Safari.
- Guide 7: Eliminate ShinoLocker from Internet Explorer.
How to Remove ShinoLocker from Windows.
Step 1: Boot Your PC In Safe Mode to isolate and remove ShinoLocker
Step 2: Uninstall ShinoLocker and related software from Windows
Step 3: Clean any registry entries created by ShinoLocker on your computer.
The usually targeted registry keys of Windows machines are the following:
You can access them by opening the Windows registry editor and deleting any values created there by ShinoLocker. This can be done by following the steps underneath:
Get rid of ShinoLocker from Mac OS X.
Step 1: Uninstall ShinoLocker and remove related files and objects
1. Hit the ⇧+⌘+U keys to open Utilities. Another way is to click on “Go” and then click “Utilities”, like the image below shows:
- Go to Finder.
- In the search bar type the name of the app that you want to remove.
- If all of the files are related, press ⌘+A to select them and then drag them to “Trash”.
In case you cannot remove ShinoLocker via Step 1 above:
You can repeat the same procedure with the following other Library directories:
Tip: ~ is there on purpose, because it leads to more LaunchAgents.
Step 2: Scan for and remove ShinoLocker files from your Mac
When you are facing problems on your Mac as a result of unwanted scripts and programs such as ShinoLocker, the recommended way of eliminating the threat is by using an anti-malware program. SpyHunter for Mac offers advanced security features along with other modules that will improve your Mac’s security and protect it in the future.
Remove ShinoLocker from Google Chrome.
Step 1: Start Google Chrome and open the drop menu
Step 2: Move the cursor over "Tools" and then from the extended menu choose "Extensions"
Step 3: From the opened "Extensions" menu locate the unwanted extension and click on its "Remove" button.
Step 4: After the extension is removed, restart Google Chrome by closing it from the red "X" button at the top right corner and start it again.
Erase ShinoLocker from Mozilla Firefox.
Step 1: Start Mozilla Firefox. Open the menu window
Step 2: Select the "Add-ons" icon from the menu.
Step 3: Select the unwanted extension and click "Remove"
Step 4: After the extension is removed, restart Mozilla Firefox by closing it from the red "X" button at the top right corner and start it again.
Uninstall ShinoLocker from Microsoft Edge.
Step 1: Start Edge browser.
Step 2: Open the drop menu by clicking on the icon at the top right corner.
Step 3: From the drop menu select "Extensions".
Step 4: Choose the suspected malicious extension you want to remove and then click on the gear icon.
Step 5: Remove the malicious extension by scrolling down and then clicking on Uninstall.
Remove ShinoLocker from Safari.
Step 1: Start the Safari app.
Step 2: After hovering your mouse cursor to the top of the screen, click on the Safari text to open its drop down menu.
Step 3: From the menu, click on "Preferences".
Step 4: After that, select the 'Extensions' Tab.
Step 5: Click once on the extension you want to remove.
Step 6: Click 'Uninstall'.
A pop-up window will appear asking for confirmation to uninstall the extension. Select 'Uninstall' again, and ShinoLocker will be removed.
Eliminate ShinoLocker from Internet Explorer.
Step 1: Start Internet Explorer.
Step 2: Click on the gear icon labeled 'Tools' to open the drop menu and select 'Manage Add-ons'
Step 3: In the 'Manage Add-ons' window.
Step 4: Select the extension you want to remove and then click 'Disable'. A pop-up window will appear to inform you that you are about to disable the selected extension, and some more add-ons might be disabled as well. Leave all the boxes checked, and click 'Disable'.
Step 5: After the unwanted extension has been removed, restart Internet Explorer by closing it from the red 'X' button located at the top right corner and start it again.