Shark Ransomware

Posted by Lisa Blanc on August 18, 2016

What is Shark Ransomware?

Shark Ransomware is a recently discovered malicious application whose purpose is to encrypt the files stored on your computer’s hard drive and demand that you pay a ransom for the password needed to decrypt them. However, you should remove it instead because your files may not be worth the asked sum of money or you might not get the password after you have paid. In short, there are no guarantees that you will get the password. For more information on this infection, we invite you to read this full description. test test test

Where does Shark Ransomware come from?

Truth be told, this ransomware's distribution methods are rather elusive because its developers depend on cyber criminal wannabes to distribute it for them. Let us explain. Shark Ransomware is a Ransomware as a Service-type of ransomware which means that its developers let certain people use it in exchange for a cut of the profits. Our researchers say that the developers of this particular ransomware ask for a 20 % cut of the profits made from the ransomware payments. The odd thing about this particular ransomware is that it is explicitly promoted and distributed on a dedicated website at Sharkproject.tk. Usually, Ransomware as a Service infections are circulated to a select few on a hidden TOR network, but this one is out in the open for everyone to download. The people that decide to use Shark Ransomware to infect other computers can use whatever means to distribute it, so the chances are that it will be sent in email spam or bundled with pirated software.

How does Shark Ransomware work?

Our security analysts say that the ZIP file from Sharkproject.tk consists of three files that include Payload Builder.exe, Readme.txt, and Shark.exe. Running the Payload Builder.exe, the wannabe cybercriminals can customize it, and the customization options include selecting the directories in which the files will be encrypted as well as the file formats to be encrypted as well. Furthermore, the cybercriminals can customize the price of the decryption password based on the country in which the infected computer is situated. Hence, the criminals can ask for more money in countries where the majority of the population has a high standard of living. Once the configuration is complete, a base64 version of the configuration is generated. This code is used as an argument to Shark.exe and specifies the custom configuration to be used.

Once Shark.exe is launched on a computer, it will encrypt the selected file formats and append them with the .locked extension. At this point, you will not be able to access the files. Once the encryption process is complete, the ransom will generate a UNLOCK ME file that is this ransomware’s decryption interface. It wants you to follow three easy steps the first one being entering your email address in the dialog box. The second step is to purchase Bitcoins and send them to the specified Bitcoin address and the third step is to enter the decryption password that you will receive in your email inbox.

Due to the fact that this ransomware is being disseminated explicitly, we think that it will not be long before Sharkproject.tk will be closed. Furthermore, the authorities might come after the people that set up this site and created Shark Ransomware and hold them accountable because ransomware is an illicit piece of software. So if your computer has been infected with it, then we invite you to use the removal guide provided below.

How do I remove Shark Ransomware?

In order to completely eradicate this infection, you must first locate the main executable and delete it, then you can proceed to %APPDATA%\Settings and delete its copy, but you can do this in any order you want. You can also use an Antimalware program to locate and get rid of these files automatically. Our security experts recommend SpyHunter since tests have shown that it can deal with Shark Ransomware easily.