Call 24/7: +1 (800) 972-3282

Shrug Ransomware Contains Ways to Unlock Your Files

Sean Jackson

Sean Jackson

Shrug Ransomware Contains Ways to Unlock Your Files
Sean Jackson

Sean Jackson

I think there's an issue with my storage device, but I'm not sure Start a free evaluation →

I need help getting my data back right now Call now (800) 972-3282

The key behind ransomware is to influence your behavior so you’ll comply with their demands. On the surface, the Shrug ransomware is no different in this regard. However, those who developed the ransomware have left the keys available for you to unlock your files.

Further Details on Shrug Ransomware

It works by using drive-by attacks, often in the deployment form of embedding on fake software and gaming apps. Upon downloading the strand, you’ll receive a delightful message from Martha, who will say something along the lines of, “What happened? Well, the answer is quite simple. Before I tell you, promise you will not get mad. Okay. Your PC was a victim of a ransomware attack,” according to a ZDNet report.

From there, the ransomware demands a payment of $50 in Bitcoin to return your files. You’ll receive detailed instructions on how to purchase and transfer Bitcoin currency. And similar to other ransomware, it gives you a deadline to pay, which in this case is three days or you’ll lose your files forever. A side note, you can find which files have encryption by searching for the .SHRUG extension.

As noted in previous articles, paying the ransom only provides further incentive for the hackers to continue their craft. Furthermore, there’s a way to recover your files because the answer lies in the ransomware code.

How to Recover Your Files From Shrug Ransomware

LMNTRIX, a cybersecurity company, came across an interesting discovery. They revealed the authors of Shrug ransomware kept the keys in the code to unlock the files in the directory. What does this mean? It means you have the ability to recover your files even if you have the ransomware-talk about a new wrinkle.

ZDNet does an excellent job of breaking down how to go about this:

  • First, since the ransomware normally disables your ability to use your mouse and keyboard, you’ll want to reboot your device.
  • Upon rebooting, open the file explorer and enter the ransomware path: C:\Users\USERNAME\AppData\Local\Temp\shrug.exe.
  • From here, you can delete the shrug.exe file by pressing shift and delete.
  • The next step is to open the RUN application on Windows-you can find this by typing RUN on Windows’ search panel feature.
  • After opening RUN, type in Regedit, as this will access the registry.
  • Next, type in the following: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  • Doing this gives you access to the Shrug key value by which you can delete it. After deleting it, visit your computer’s recycle bin to clear it out.
  • Lastly, restarting your machine removes all traces of the Shrug ransomware.

Ultimately, this ransomware variant isn’t a common one in that it provides a gateway to unlock your files. In most cases, if you become a ransomware victim, you’ll need a team of data recovery specialists to help; this is where the team at Salvage Data comes in.

We have the resources and expertise to help you regain access to your files, even if hackers encrypted them. You’ll find our recovery process informative, secure, and quick. Best of all, we are offering a 10% discount for the month of July. Enter the promo code SAVE10 at checkout to save money on our services today!


Related Services

Ransomware Recovery

Read more

Emergency Data Recovery Services

Read more

Hard Drive Recovery

Read more