ShutUpAndDance Ransomware
The ShutUpAndDance Ransomware is a variant of Hidden Tear, a public domain, file-locker Trojan. This threat can keep different files, particularly ones associated with work or recreational media, from opening by encoding them with a static key. Free decryption solutions and backups can help with restoring any data, and traditional anti-malware programs can remove the ShutUpAndDance Ransomware or stop its installation.
The Government Site that's Abetting a Trojan Accidentally
Since Utku Sen made his demonstration of a threatening, data-encrypting program available to the public, malware researcher have seen significant variety in how different threat actors implement Hidden Tear into their crimes. A favorite cosmetic choice includes using references to popular media, such as the hacking thriller Mr. Robot, as seen in the various attacks of the FSociety Ransomware and variants like the CryptFuck Ransomware, the Fs0ci3ty Ransomware or the FuckSociety Ransomware. While the ShutUpAndDance Ransomware keeps this trend alive, it also shows signs of having a campaign with more interesting C&C infrastructure choices than most versions of HT.
The ShutUpAndDance Ransomware is a typical example of Hidden Tear and uses the AES encryption for locking different files, such as Word documents or JPG pictures, after infecting a Windows computer. Its text ransoming note displays an ASCII art with the above theme of Mr. Robot's 'FSociety' hacker organization, and, presumably, will contain more ransoming information in its future iterations. Malware researchers always encourage against paying these ransoms, but, in particular, for the ShutUpAndDance Ransomware, which uses a hard-coded password for unlocking any files ('ve%6>x4G&T$735nzPTh!').
However, the ShutUpAndDance Ransomware's more novel trait is how it contacts its threat actors for notifying them about new infections. The ShutUpAndDance Ransomware communicates with a hijacked Web domain that belongs to the Mexican government. While there's no danger to any ordinary Web traffic that's visiting the site in question, it raises further implications about the degree of access between the ShutUpAndDance Ransomware's admins and the interrelated Web infrastructure.
Putting the ShutUpAndDance Ransomware's Dance to Rest
The ShutUpAndDance Ransomware shows few signs of being in distribution for ransoming money but is equally threatening to the files on your PC as any other version of the widespread Hidden Tear family. Malware researchers are noting that its installers are disguising themselves as fake Adobe files, such as Adobe PDF Reader or related updates. Users should protect their PCs by avoiding any download or update links that don't arrive from appropriate sources like the official Adobe website.
While the ShutUpAndDance Ransomware's locked files should be decryptable with the included decryption service and its key, future updates could change these credentials or the relative security of encryption. Backing up your files to other devices is helpful for keeping data, such as valuable databases or documents, from being damaged or held for ransom. Few anti-malware programs are incapable of deleting the many variants of Hidden Tear, and most brands should uninstall the ShutUpAndDance Ransomware just as readily.
As the ShutUpAndDance Ransomware capitalizes on the nature of popular media for its extortionist goals, PC users need to remember that backups should be a way of life for anyone with digital media. Meanwhile, world governments should also keep their network security on-point for preventing calamities like the ShutUpAndDance Ransomware campaign.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.