Shrug ransomware victim? Here’s how to retrieve your locked files for free


A new form of ransomware is being distributed through drive-by attacks, but victims can retrieve their locked files for free due to mistakes in the attack’s code.

Shrug ransomware first appeared in the wild on July 6, and comes embedded in fake software and gaming apps. Those who get tricked into downloading and running the file-encrypting malware are met with an extensive and mocking ransom note penned by an attacker calling themselves Martha.

More information here

Ransomware tracker for prevention

In order for the ransomware to fully succeed in encrypting your files, it needs to connect to its key server. This essentially means that there is a window of opportunity to protect your computer by interrupting the encryption process. Many AV vendors have blocklists incorporated in their products; there are also publicly available ones, like the one maintained by Ideally though the best mitigation by far is to perform regular backups of your data and either store them off-line, or have a version control system.


My computer has been infected by ransomware. What should I do?

First of all, do not panic! A good starting point is to establish whether you can get your files back using one of the decryptors published in Access Crypto Sheriff. You will need to upload two of your encrypted files and hopefully you will be directed to the right decryptor.

For more info, please visit The No More Ransom Project.