How to remove SHRUG ransomware and decrypt .SHRUG2 files

What is SHRUG ransomware

SHRUG – is a new ransomware, that was released in July, 2018. It can be distributed by hacking through an unprotected RDP configuration, email spam and malicious attachments, fraudulent downloads, exploits, web injections, fake updates, repackaged and infected installers. SHRUG ransomware is able to use encryption on all important files, then ask for money to decrypt. In fact, no one can tell for sure if they would decrypt these files. Most of cyber criminals ignore their victims, some of them even have no idea how to decrypt encrypted data. That;s why if your computer is infected with SHRUG ransomware, you should not pay for decryption of your files. Still, you can remove SHRUG ransomware and decrypt .SHRUG2 files without paying anything.

remove SHRUG ransomware

The way this ransomware works is quite simple – first of all, SHRUG breaks through your system, then starts encrypting procedure with AES + RSA-2048 encryption algorithm. SHRUG ransomware adds .SHRUG2 extension to the name of all the encrypted files. For example, video.mp4 file turns into video.mp4.SHRUG2 file. Once all the data is encoded, SHRUG ransomware will display window with a message about ransom. Here it is:

What happened?
Your important files have been encrypted.
Many of your documents, pictures, videos, databases, scripts,
codes, presentations are no longer accessible because they
have been encrypted. Maybe you’re busy looking for a way to
recover your stuff, but don’t waste your time. Nobody can do
that without our decryption service.

Can I recover my files?
Of course!
We guarantee that you can recover all your files safely and
easily. But you don’t have too much time. If you want to
decrypt everything, you will need to pay. You only have 3
days to submit the payment, otherwise all your files will be
PERMANENTLY deleted. Lost. Forever.

How do I pay?
Payment is accepted in Bitcoin only.
Use your favorite search engine (Google, DuckDuckGo, etc.)
to learn more about Bitcoin. To send a payment, you will need
a Bitcoin wallet. You can create one at Blockchain.com for
free. After creating your wallet, buy some Bitcoins (amount
is specified down below) and send the correct amount to the
address specified in this window. After your payment, click
[Check Payment]. The best time to check is around 8-10pm GMT.

IMPORTANT:
Disable or uninstall your anti-virus until your files
are recovered (or gone). Antivirus might delete this window
making it impossible to recover your stuff.

Send $70 worth of Bitcoin to:
1Hr1grgH9ViEgUx73iRRJLVKH3PFjUteNx

Put your wallet & click “Paid” after payment.

Are you proud of me, papa WannaCry? What about you. mamma NotPetya?

There are two solutions of this problem. First is to use special Removal Tool. Removal Tools delete all instances of malware by few clicks and help user to save time. Or you can use Manual Removal Guide, but you should know that it might be very difficult to remove SHRUG ransomware manually without specialist’s help.

SHRUG Removal Guide

  1. Download SHRUG Removal Tool.
  2. Remove SHRUG from Windows (7, 8, 8.1, Vista, XP, 10) or Mac OS (Run system in Safe Mode).
  3. How to restore files
  4. How to protect PC from future infections.

How to remove SHRUG ransomware automatically:

Download Norton Security This removal tool can help you to get rid of this nasty virus and clean up your system. In case you need a proper and reliable solution, we recommend you to download and try it. This anti-ransomware removal tool is able to detect and remove SHRUG ransomware from your system.

Manual SHRUG Removal Guide

Here is step-by-step instructions to remove SHRUG from Windows and Mac computers. Follow this steps carefully and remove files and folders belonging to SHRUG. First of all, you need to run system in a Safe Mode. Then find and remove needed files and folders.

Uninstall SHRUG from Windows or Mac

Here you may find the list of confirmed related to the ransomware files and registry keys. You should delete them in order to remove virus, however it would be easier to do it with our automatic removal tool. The list:

SHRUG.exe
HOW TO RECOVER ENCRYPTED FILES.TXT
5477.exe
87695.dll
2373.dll

Windows 7/Vista:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to SHRUG by using Removal Tool;
  5. Delete found files;

Windows 8/8.1:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to SHRUG by using Removal Tool;
  5. Delete found files;

Windows 10:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to SHRUG by using Removal Tool;
  5. Delete found files;

Windows XP:

  1. Restart the computer;
  2. Press Settings button;
  3. Choose Safe Mode;
  4. Find programs or files potentially related to SHRUG by using Removal Tool;
  5. Delete found files;

Mac OS:

  1. Restart the computer;
  2. Press and Hold Shift button, before system will be loaded;
  3. Release Shift button, when Apple logo appears;
  4. Find programs or files potentially related to SHRUG by using Removal Tool;
  5. Delete found files;

How to restore encrypted files

If you can’t decrypt your files or just don’t want to use those instructions, you can try to restore your files with special tools. You may find these tools below in this section.

Restore data with Stellar Data Recovery

This program can restore the encrypted files, it is easy to use and very helpful.

  1. Download and install Stellar Data Recovery
  2. Choose drives and folders with your data, then press Scan.
  3. Select all the files in a folder, then click on Restore button.
  4. Manage export location. That’s it!

Download Stellar Data Recovery


Restore encrypted files using Recuva

There is an alternative program, that may help you to recover files – Recuva.

Recuva

  1. Run the Recuva;
  2. Follow instructions and wait until scan process ends;
  3. Find needed files, mark them and Press Recover button;

How to prevent ransomware infection?

It is always rewarding to prevent ransomware infection because of the consequences it may bring. There are a lot of difficulties in resolving issues with encoders viruses, that’s why it is very vital to keep a proper and reliable anti-ransomware software on your computer. In case you don’t have any, here you may find some of the best offers in order to protect your PC from disastrous viruses.

Malwarebytes


Download Norton Security

Malwarebytes is a reliable antivirus application, that is able to protect your PC and prevent the infection from the start. The program is designed to be user-friendly and multi-functional.

Leave a Reply

Your email address will not be published. Required fields are marked *