Shrug2 ransomware

September 27, 2018

What is Shrug2

Shrug2 ransomware is a threat that offers a tool called ShrugDecryptor to recover encrypted data. Shrug2 is the second version of Shrug ransomware and adds a few new features. The threat is almost identical to the original; however, it appends a new file extension and also uses a Command and Control (C&C) server configuration. Like the previous version, Shrug2 relies on the AES cipher to lock the victim's files and, after successful encryption, appends the .SHRUG2 file extension as a marker for encrypted data. As a result, users' data becomes unreadable. Additionally, the ransomware places a ransom note on the system, shown in a program window called ShrugDecryptor, which gives more details about the attack. It states that the ransom is 70 USD, to be paid in Bitcoin, and threatens to delete the data permanently if the ransom is not paid within three days. At the moment, the ransom note contains no contact email for the alleged Shrug decryption service.

Shrug2 ransomware is a malicious crypto-virus that infects your system silently and runs its malicious processes in the background. As a first step, the ransomware modifies existing registry keys or adds new ones to make sure that its script is launched every time the infected device reboots.

Additionally, the Shrug2 virus scans the system and selects which photos, videos, documents or databases to encrypt with the AES encryption algorithm. When the file locking is done, the virus appends the .SHRUG2 file extension, so you can clearly see which files the threat has modified.
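The two behaviours above (an autorun registry entry for persistence and the .SHRUG2 marker on locked files) give a responder two concrete things to look for. The following Python triage script is an added example, not code from the original article or from the ransomware: only the .SHRUG2 suffix is taken from the article; the assumption that persistence lives in the usual Run keys (which the article does not name), the sample directory tree, and all function names are constructed here.

```python
"""Triage helper for a suspected Shrug2 infection: inventories files carrying the
.SHRUG2 marker and, on Windows, lists autorun entries in the HKCU/HKLM Run keys.
Added example; only the .SHRUG2 suffix comes from the article, the rest is assumed."""
import os
import sys
import tempfile

MARKER = ".SHRUG2"  # extension appended to locked files (from the article)

def find_encrypted(root):
    """Walk `root` and return sorted (encrypted_path, original_name) pairs."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.upper().endswith(MARKER):
                hits.append((os.path.join(dirpath, name), name[:-len(MARKER)]))
    return sorted(hits)

def run_key_entries():
    """On Windows, return (name, command) pairs from the per-user and machine Run
    keys (assumed persistence location). Returns [] on other platforms."""
    if sys.platform != "win32":
        return []
    import winreg  # standard library on Windows only
    sub = r"Software\Microsoft\Windows\CurrentVersion\Run"
    entries = []
    for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        try:
            with winreg.OpenKey(hive, sub) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = value count
                    name, value, _type = winreg.EnumValue(key, i)
                    entries.append((name, value))
        except OSError:  # key missing or not readable with current rights
            pass
    return entries

def demo_tree():
    """Constructed sample tree: two locked files and one untouched file."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "Documents"))
    for rel in ("Documents/report.docx.SHRUG2", "Documents/photo.jpg.SHRUG2", "notes.txt"):
        open(os.path.join(root, rel), "w").close()
    return root

if __name__ == "__main__":
    root = demo_tree()
    for path, original in find_encrypted(root):
        print(f"{path}  (was {original})")
    for name, cmd in run_key_entries():  # review any unfamiliar command manually
        print("autorun:", name, "->", cmd)
```

Run it against a real share or user profile instead of the demo tree to get the scope of an infection before attempting recovery; the Run-key listing is only a starting point for manual review, not a verdict.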

This silent intruder has been spreading for some time, so Shrug2 is now detected by numerous anti-virus and anti-malware tools under names such as:

  Artemis!04112AEC4740
  TR/Ransom.rhagu
  Generic.Ransom.Hiddentear.A.B8BBD7A8
  TR/Hiddenrear.agdsy
  Trojan.Ransom.Shrug
  Ransom.Genasom!8.293 (CLOUD)
  TROJ_GEN.R002H09GC18
  malicious_confidence_70% (D)
  malware (ai score=97)
  Win32/Trojan.Hoax.4a4

When this virus is done with the encryption process, it displays a program window on the screen that looks like a decryption service. The ransom note states that you have 3 days to pay $70 in Bitcoin to a provided wallet. The window is called ShrugDecryptor and contains the following message:

The opening sentences of the ransom note mimic the WannaCry and Petya cyber threats; however, security experts have so far found no relation between them. If you are infected, remove Shrug2 ransomware as soon as possible, because it can access various parts of the system and modify them on its developer's commands.

As we have mentioned, this cyber threat uses a C&C server configuration, which lets the people behind the virus store your data or control various parts of the device without your knowledge. This additional feature makes the ransomware even more dangerous. To prevent the worst-case scenario, focus on Shrug2 ransomware removal and get rid of this threat. Use or other anti-malware tools to scan your device and eliminate every issue stemming from the infection.

How does Shrug2 work

Malware developers aim to distribute the virus payload widely, so they send emails that impersonate companies like DHL, PayPal or Amazon. Since people often use these services, victims unknowingly open these safe-looking emails and download the malicious attachments.

Researchers advise paying close attention, because the moment you download and open the infected file on your computer, the ransomware script is planted on the system. These fake invoices or receipts can look safe, but always check the email for typos and grammar mistakes; they can be an indicator that the email is not legitimate.

How to delete Shrug2

The first thing you should know if you want to remove Shrug2 ransomware is that the additional changes made by this threat can affect other programs and cause them to malfunction in the future. You need to use professional anti-malware tools to get rid of all the fraudulent files and the damage caused by them. Tools like , Anti-Malware or Norton Internet Security can fully scan your device and detect this malware.

Shrug2 ransomware removal is crucial if you want to return to safe computer use. We do not recommend replacing your affected files or restoring them with our recovery instructions until you have removed the malware, because the ransomware keeps encrypting everything in its way. So run anti-malware, delete the ransomware, clean your system thoroughly, double-check, and only then recover your data.

Stage 1: Delete Browser Extension

First of all, we recommend that you check your browser extensions and remove any that are linked to Shrug2. A lot of adware and other unwanted programs use browser extensions to hijack internet applications.

Remove Shrug2 Extension from Google Chrome

  1. Launch Google Chrome.
  2. In the address bar, type: chrome://extensions/ and press Enter.
  3. Look for Shrug2 or anything related to it, and once you find it, press ‘Remove’.

Uninstall Shrug2 Extension from Firefox

  1. Launch Mozilla Firefox.
  2. In the address bar, type: about:addons and press Enter.
  3. From the menu on the left, choose Extensions.
  4. Look for Shrug2 or anything related to it, and once you find it, press ‘Remove’.

Delete Shrug2 Extension from Safari

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Select Preferences from the list.
  4. Choose the Extensions tab.
  5. Look for Shrug2 or anything related to it, and once you find it, press ‘Uninstall’.
  6. Additionally, open Safari Settings again and choose Downloads.
  7. If Shrug2.safariextz appears on the list, select it and press ‘Clear’.

Remove Shrug2 Add-ons from Internet Explorer

  1. Launch Internet Explorer.
  2. From the menu at the top, select Tools and then press Manage add-ons.
  3. Look for Shrug2 or anything related to it, and once you find it, press ‘Remove’.
  4. Reopen Internet Explorer. In the unlikely scenario that Shrug2 is still in your browser, follow the additional instructions below.
  5. Press Windows Key + R, type appwiz.cpl and press Enter.
  6. The Program and Features window will open where you should be able to find the Shrug2 program.
  7. Select Shrug2 or any other recently installed unwanted entry and press ‘Uninstall/Change’.

Alternative method to clear the browser from Shrug2

There may be cases when adware or PUPs cannot be removed simply by deleting extensions or code. In those situations it is necessary to reset the browser to its default configuration. If you notice that the infection is still present even after getting rid of suspicious extensions, follow the instructions below.

Use Chrome Clean Up Tool to Delete Shrug2

  1. Launch Google Chrome.
  2. In the address box, type: chrome://settings/ and press Enter.
  3. Expand Advanced settings, which you can find by scrolling down.
  4. Scroll down until you see Reset and Cleanup.
  5. Press on Clean up computer. Then press Find.

This Google Chrome feature is supposed to clear the computer of any harmful software. If it does not detect Shrug2, go back to the Clean up computer and reset settings.

Reset Mozilla Firefox to Default

If you still find Shrug2 in your Mozilla Firefox browser, you should be able to get rid of it by restoring your Firefox settings to default. While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

  1. Launch Mozilla Firefox
  2. Into the address box, type: about:support and press Enter.
  3. You will be redirected to a Troubleshooting Information page.
  4. From the menu on the right side, select Refresh Firefox.
  5. Confirm your choice by clicking Refresh Firefox in the new window.
  6. Your browser will close automatically in order to successfully restore the settings.
  7. Press Finish.

Reset Safari Browser to Normal Settings

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Press Reset Safari.
  4. A new window will appear. Select the boxes of what you want to reset or use the screenshot below to guide you. Once you have selected everything, press ‘Reset’.
  5. Restart Safari.

Restore Internet Explorer to Default Settings

  1. Launch Internet Explorer.
  2. From the top menu, press on Tools and then Internet Options.
  3. In the new window that opens, choose the Advanced tab.
  4. At the bottom of the window, below Reset Internet settings, there will be a ‘Reset’ button. Press that.
