What is ShinigamiLocker Ransomware? How does it execute its attack?
ShinigamiLocker ransomware is a destructive malicious program designed to encrypt computer files. Its name, ShinigamiLocker is based on a famous Japanese manga and anime series, “Death Note” which featured the Shinigami also known as “Gods of Death”.
The ShinigamiLocker ransomware is executed using a malicious file named rANSOM.exe (version 1.0.0.0) and starts to encrypt files by appending .shinigami extension to all targeted files using the DES encryption algorithm. After the encryption is completed, it changes the desktop wallpaper of the infected computer with a picture containing the ransom note which says:
“SHINIGAMI LOCKER
YOU HAVE BEEN HACKED
YOUR FILES WERE ENCRYPTED
GET RID OF THIS IN FEW STEPS
STEP1 GO TO https://localbitcoins.com/
STEP2 PAY THE EXACT AMOUNT
REQUEST DELOW. MAKE SURE YOU PAY IT TO THE CORRECT ADDRESS
STEP 3 WAIT UNTIL THE PAYMENTIS CONFIRMED AND ENJOY YOUR PC
–
YOU NEED TO PAY BITCOIN WORTH 50$!
ANY ATTEMT ON CLOSING OR DELETING THIS SOFTWARE WILL DAMAGE YOUR PC
–
AMMOUNT: 50 $ ~ 0.01816 BTC BITCOIN WALLET FOR PAYMENT 1MBPSrn46eEVBHoypyjgfdCCf5DQxQsx3f’”
In this case, the malware demands a ransom of $50 which, if compared to other ransom amount of other ransomware, is not that high. However, no matter how small the ransom is, paying them should not even cross your mind since cyber criminals are hardly trustworthy and they tend to ignore their victims once payment is already made. The best way to deal with this kind of infection is to opt for alternative ways to get rid of the ransomware and restore the encrypted files.
How does ShinigamiLocker ransomware distribute its malicious file?
The sly crooks always find creative ways to deceive computer users. However, their most favorite ransomware distribution tactic is through malicious spam emails since all they have to do is to create some email accounts and bypass spam filters and then send out their malicious files to random email addresses. They often use eye-catching subjects to appeal to user’s curiosity to make them open the message and download its attachment.
Aside from spam emails, cyber crooks also use other deceptive techniques in distributing their malicious files such as malvertising, exploit kits and phishing. So if you want to be protected from these kinds of threats, you’ll have to keep your computer system up-to-date, as well as your antivirus programs. It would also be better if you avoid clicking suspicious links online and immediately exit the website that seems suspicious.
To terminate ShinigamiLocker ransomware, make sure you follow each removal step below, as well as the advanced steps for complete ransomware removal.
Step 1: Reboot your computer into Safe Mode
Windows XP/Vista/7
- Reboot your computer.
- Tap F8 when you see the BIOS screen.
- Select Safe Mode from the Advanced Boot Options menu using the arrow keys on your keyboard.
- Press Enter.
- And then proceed to remove the ShinigamiLocker ransomware.
Windows 8/8.1/10
- Tap two buttons: the Windows key and C on your keyboard and click Settings (if you use Windows 8/8.1) or click on the Start button (if you use Windows 10).
- Click Power.
- Hold the Shift key and click Restart.
- Click Troubleshoot.
- Click Advanced options.
- Click Startup Settings.
- Click on the Restart button.
- Tap F4.
- Proceed removing the ShinigamiLocker when your PC starts in Safe Mode.
Step 2: Open the Windows Task Manager by pressing Ctrl + Shift + Esc at the same time. Proceed to the Processes tab and look for suspicious processes that can be related to the ShinigamiLocker Ransomware.
Right-click on the processes, then click Open File Location and scan them using a powerful and trusted antivirus like SpyRemover Pro. After opening their folders, end their processes and delete their folders. If the virus scanner fails to detect something that you know is suspicious, don’t hesitate to delete it.
Step 3: Open Control Panel by pressing Start key + R to launch Run and type appwiz.cpl in the search box and click OK.
Look for ShinigamiLocker ransomware or any peculiar program and then Uninstall it.
Step 4: Hold down Windows + E keys simultaneously to open File Explorer.
Step 5: Go to the directories listed below and delete everything in you find suspicious in it and other directories you might have saved the file related to ShinigamiLocker ransomware.
- %AppData%
- %Roaming%
- %Local%
- %LocalLow%
- %Temp%.
- %USERPROFILE%\Downloads
- %USERPROFILE%\Desktop
Step 6: Look for corrupted file, rANSOM.exe created by the malware and delete it.
The next step below is not recommended for you if you don’t know how to navigate the Registry Editor. Making registry cShanges can highly impact your computer. So it is highly advised to use PC Cleaner Pro instead to get rid of the entries that ShinigamiLocker ransomware created. So if you are not familiar with the Windows Registry skip to Step 12 onwards.
However, if you are well-versed in making registry adjustments, then you can proceed to step 7.
Step 7: Open the Registry Editor, to do so, tap Win + R and type in regedit and then press enter.
Step 8: Navigate to the path below:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Step 9: Delete any suspicious registry value that might have been added by ShinigamiLocker.
Step 10: Close the Registry Editor.
Step 11: Empty the Recycle Bin.
Step 12: Try to recover your encrypted files.
Restoring your encrypted files using Windows’ Previous Versions feature will only be effective if the ShinigamiLocker Ransomware hasn’t deleted the shadow copies of your files. But still, this is one of the best and free methods there is, so it’s definitely worth a shot.
To restore the encrypted file, right-click on it and select Properties, a new window will pop-up, then proceed to Previous Versions. It will load the file’s previous version before it was modified. After it loads, select any of the previous versions displayed on the list like the one in the illustration below. And then click the Restore button.
Follow the continued advanced steps below to ensure the removal of the ShinigamiLocker ransomware:
Perform a full system scan using SpyRemover Pro. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load the Safe Mode with Networking.
- Press and hold both R key and Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
A single space must be in between explorer and http. Click OK. - A dialog box will be displayed by Internet Explorer. Click Run to begin downloading SpyRemover Pro. Installation will start automatically once download is done.
- Click OK to launch SpyRemover Pro.
- Run SpyRemover Pro and perform a full system scan.
- After all the infections are identified, click REMOVE ALL.
- Register SpyRemover Pro to protect your computer from future threats.