What is Shasha Ransomware
Shasha is the name of a ransomware virus that encrypts and changes data with the .shasha extension. The new extension is not an essential part of the encryption, but rather a visual aspect meant to highlight the blocked data. If you see this extension assigned to most of the data like this 1.pdf.shasha
, then you are undoubtedly infected with ransomware. The developer’s next step after blocking access to files is to explain how to recover it back. For this, cybercriminals in charge of the Shasha virus create a text note called READ_ME.txt and change desktop wallpapers.
All of your files have been encrypted!
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.What can I do to get my files back?You can buy our special
decryption software, this software will allow you to recover all of your data and remove the
ransomware from your computer.The price for the software is $50. Payment can be made in Bitcoin only.
How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy Bitcoin.
Many of our customers have reported these sites to be fast and reliable:
Coinmama - hxxps://www.coinmama.com Bitpanda - hxxps://www.bitpanda.com
Payment informationAmount: 0,0012 BTC
Bitcoin Address: 17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV
Inside of this note, extortionists claim they are the only figures able to decrypt your files. To be more precise, they are the ones holding private keys and decryption software that can unlock the data. Victims are requested to buy it for 50$ in BTC. The payment has to be sent through the Bitcoin address attached in the note. Unfortunately, it is quite uncertain how cybercriminals are going to send the purchased decryption software to you. This is because there are no contact details like e-mail to establish communication with them. At this point, files encrypted by Shasha have not been confirmed to be decryptable with any third-party tool. The only guaranteed way of decryption can be offered by extortionists themselves as they have assigned these ciphers. Third-party tools can help only if there are bugs, flaws, or private keys that are stored locally by cybercriminals. For this reason, it is way better and safer to use backup copies if such were created and saved on external devices. After deleting the virus, you can easily plug in your portable storage and copy the lost data back to your system. If you have extremely important data chained by Shasha Ransomware, you can risk and pay the required ransom. 50$ is not a very high price compared to other infections that demand thousands of dollars from their victims. Even though it is highly advised against trusting ransomware developers, such an option can be considered as well. Below, we are going to show you removal instructions as well as possible ways to restore or decrypt your data without cybercriminals.
How Shasha Ransomware infected your computer
Although there is not a lot of information on how Shasha Ransomware infects systems specifically, most malware of such abuse quite the same infiltration methods. This list includes trojans, e-mail spam letters, backdoors, keyloggers, fake downloads of updates or pirated software, unreliable cracking tools, and other suspicious channels that could infiltrate you by exploiting different vulnerabilities (e.g. unprotected RDP configuration). Despite such a range of distribution vectors, most cybercriminals refer to spreading ransomware and other infections via e-mail spam letters. They do so by bombarding users with ostensibly legitimate messages containing malicious attachments or links. These attachments usually have .DOCX, .PDF, .EXE, .RAR, .ZIP, or .JS extensions. Cybercriminals use them to set up executable scripts that inject malware into the system. After accessing them, users will more likely become the victims of ransomware or something else. To prevent this from happening, users should avoid interaction with files or links received by suspicious sources. Note that many frauds disguise their messages as legitimate companies like DHL, DPD, or FedEx to make users trust them. In most cases, actual companies will not send you a message with urges to open some links or attachments for no adequate reason. Remember that most PC protection depends on what you click and visit whilst surfing the web. Make sure your circle of downloads and visits is concentrated only on official resources. Additionally, you may install antimalware software with live protection that will help you avoid potentially dangerous content even easier. You can learn more about it down below.
- Download Shasha Ransomware Removal Tool
- Get decryption tool for .shasha files
- Recover encrypted files with Stellar Data Recovery Professional
- Restore encrypted files with Windows Previous Versions
- Restore files with Shadow Explorer
- How to protect from threats like Shasha Ransomware
Download Removal Tool
To remove Shasha Ransomware completely, we recommend you to use Norton Antivirus from Symantec. It detects and removes all files, folders, and registry keys of Shasha Ransomware and prevents future infections by similar viruses.
Alternative Removal Tool
To remove Shasha Ransomware completely, we recommend you to use SpyHunter 5. It detects and removes all files, folders, and registry keys of Shasha Ransomware. The trial version of Spyhunter 5 offers virus scan and 1-time removal for FREE.
Shasha Ransomware files:
READ_ME.txt
{randomname}.exe
Shasha Ransomware registry keys:
no information
How to decrypt and restore .shasha files
Use automated decryptors
Download Kaspersky RakhniDecryptor
Use following tool from Kaspersky called Rakhni Decryptor, that can decrypt .shasha files. Download it here:
There is no purpose to pay the ransom because there is no guarantee you will receive the key, but you will put your bank credentials at risk.
Dr.Web Rescue Pack
Famous antivirus vendor Dr. Web provides free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of .shasha files by uploading samples to Dr. Web Ransomware Decryption Service. Analyzing files will be performed free of charge and if files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.
If you are infected with Shasha Ransomware and removed from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:
Use Stellar Data Recovery Professional to restore .shasha files
- Download Stellar Data Recovery Professional.
- Click Recover Data button.
- Select type of files you want to restore and click Next button.
- Choose location where you would like to restore files from and click Scan button.
- Preview found files, choose ones you will restore and click Recover.
Using Windows Previous Versions option:
- Right-click on infected file and choose Properties.
- Select Previous Versions tab.
- Choose particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- In case there is no items in the list choose alternative method.
Using Shadow Explorer:
- Download Shadow Explorer program.
- Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- In case there are no other dates in the list, choose alternative method.
If you are using Dropbox:
- Login to the DropBox website and go to the folder that contains encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect computer from viruses, like Shasha Ransomware, in future
1. Get special anti-ransomware software
Use ZoneAlarm Anti-Ransomware
Famous antivirus brand ZoneAlarm by Check Point released a comprehensive tool, that will help you with active anti-ransomware protection, as an additional shield to your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, file protection that detects and blocks even unknown encryptors.
2. Back up your files
As an additional way to save your files, we recommend online backup. Local storage, such as hard drives, SSDs, flash drives, or remote network storage can be instantly infected by the virus once plugged in or connected to. Shasha Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and a simple interface. You can read more about iDrive cloud backup and storage here.
3. Do not open spam e-mails and protect your mailbox
Malicious attachments to spam or phishing e-mails are the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.