Skip to content ↓ | Skip to navigation ↓

Well, this didn’t take long – after .Odin, and .Zepto before it, the latest successor to the Locky Ransomware line is here. It has been rather “playfully” named .Shit File Virus by its creators. Apart from the name, there’s nothing to laugh at concerning this newest Ransomware threat.

A rather significant drop in malware activity in the last few weeks has led to a number of people scratching their heads in joyful disbelief and hoping that this trend would last a little longer. Unfortunately, early signs suggest that the unexpected “honeymoon” period might just be over.

According to researchers, .Shit File Virus Ransomware is shaping out to be one of the biggest ones in quite a while. In its early stages, it has affected predominantly users from France, but if the previous Locky alterations are any indication, this will turn out to be a global threat in a hurry.

The similarities are certainly there – just as .Zepto and .Odin, .Shit Ransomware spreads predominantly through spam emails containing infected JS or WS attachments. If the unsuspecting user executes such a malicious script, then trouble is more or less inevitable. A remote C&C server would be contacted and the download of the Ransomware payload file would commence.

It is more or less the same song and dance afterwards – after careful deliberation and selection of your most often used personal files, the ransomware would start encrypting them, eventually turning them into an inaccessible mess with the .shit extension to top it all off.

The encryption is a strong one, utilizing RSA and AES ciphers. Similar to previous Locky versions, the victims are extorted in the amount of 0.5 Bitcoins (roughly $300) for a decryption key.

I will once again urge you not to cave in to the ransomware creators’ demands and not to pay the demanded ransom. Yes, it is infuriating to not be able to access your files but refusal to support the cyber criminals is of paramount importance. This is the only chance for an end user to hinder this increasingly developing “industry.”

I kid you not – by all accounts ransomware creators have been banking millions of dollars and have begun structuring their enterprises much like any big corporation. At the very least, please explore and exhaust all other possibilities before contemplating whether you should part with your hard-earned currency.

You can start by browsing our security news updates for important information regarding your online safety.

Interested in learning more about Ransomware? Click here.

daniel sadakovAbout the Author: Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded MobileSecurityZone.com, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

Save