A new strain of Gojdue ransomware dubbed ShurL0ckr has been detected by security researchers. Their analyses revealed that the threat is a ransomware-as-a-service offering spread on dark web forums. ShurL0ckr ransomware invades computer systems, encrypts predefined file types and then demands a ransom for their decryption. Security researchers who have investigated the ransomware confirmed that it could invade cloud storage applications as well.
|Short Description||The ransomware virus encrypts files on your PC and drops a ransom note that demands payment for the decryption of locked files.|
|Symptoms||This ransomware encrypts your files and may then append a specific extension to every encrypted file.|
|Distribution Method||Spam Emails, Email Attachments, Executable Files|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files. It may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.|
ShurL0ckr Ransomware – Distribution
There are several ways in which ShurL0ckr ransomware may be distributed. The threat is most likely to invade systems via email spam messages. Such messages usually contain compromised file attachments, in-text links or clickable buttons. The attachments that carry the ShurL0ckr ransomware payload are usually file types that users trust and open without hesitation, like office documents, text files, images and compressed archives. Once a file infected with ShurL0ckr is opened on the target host, it automatically triggers the ransomware attack.
When an email that spreads ShurL0ckr provides in-text links or clickable buttons, the message text may attempt to trick you into infecting yourself with the threat. Once you feel a sense of urgency, you are more prone to click the malicious components and in this way download the ransomware to your system. Such attacks are called drive-by downloads. They allow hackers to inject the ransomware payload into various web pages. A visit to such a page causes an automatic download of the ransomware payload to your computer.
Links to compromised web pages that deliver ShurL0ckr ransomware may also be spread on various social media channels and instant messaging services.
ShurL0ckr Ransomware – Impact
The new variant of Gojdue ransomware works a lot like the notorious Satan ransomware. As found during the conducted analyses, the ShurL0ckr crypto virus is a ransomware-as-a-service threat. This means that hackers who distribute its payload pay a percentage to the authors of the malicious script.
The threat is designed to scan the infected system for specific file types that are set as its targets. Whenever the scan registers a match, ShurL0ckr uses a strong cipher algorithm to modify the original code of the target file. After the encryption process, all corrupted files may receive a specific extension and become unusable.
Another trait of the infection is a ransom note file that may be located on the desktop. The message in it is likely to provide more information about the ransomware as well as the amount of the demanded ransom. However, it is advisable to avoid paying the ransom until you have tried to deal with the problem using alternative secure solutions: an anti-malware tool that can remove all malicious files, and data recovery software or available backups that can restore some or all of the encrypted files.
A worrying fact revealed by the team of security researchers who have analyzed ShurL0ckr samples is that the ransomware successfully bypasses the protection mechanisms of cloud platforms. ShurL0ckr ransomware is reported to compromise apps with built-in malware protection like Google Drive and Microsoft Office 365.
How to Remove ShurL0ckr Ransomware and Restore Files
To remove ShurL0ckr ransomware, just follow the step-by-step removal guide below, which provides both manual and automatic approaches. Due to the complexity of ransomware code, security researchers recommend the help of an advanced anti-malware tool that guarantees maximum efficiency.
Alternative data recovery approaches can also be found in the guide for use once the removal is complete. They may be useful for restoring some encrypted files. Be advised to back up all encrypted files to an external drive before you proceed with the recovery process.