Shanova Ransomware Mentions No Ransom Sum
While reviewing new file samples, our researchers came across the Shanova malicious program, which is built upon the Chaos ransomware. This type of malware encrypts data and demands payment for decrypting it.
On our test machine, the Shanova ransomware encrypted files and appended a ".shanova" extension to their filenames. For instance, a file originally named "1.jpg" became "1.jpg.shanova", "2.png" turned into "2.png.shanova", and so forth. After encryption finished, a ransom note named "read_it.txt" was created.
The ransom message informs the victim about the encryption of their files and indicates that paying an unspecified ransom is required for decryption. The victim is cautioned against attempting to alter or fix the locked files, as doing so would make them impossible to decrypt.
Shanova Uses Brief Ransom Note
The complete text of the Shanova ransom note reads as follows:
Your network is encrypted, and currently not operational.
We need only money, after payment we will give you a decryptor then you will restore all the data.
We are not a politically motivated group and we do not need anything other than your money.
If you pay, we will provide you the programs for decryption and we will delete your data.
If we do not give you decrypters or we do not delete your data, no one will pay us in the future, this does not comply with our goals.
We always keep our promises.
How to contact with us?
Warning! Recovery recommendations.
We strongly recommend you to do not MODIFY or REPAIR your files, that will damage them.
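The indicators described above (the ".shanova" suffix, the "read_it.txt" note and the note's opening line) can be checked with a read-only triage script. This is an added example, not tooling from the researchers; the function names and report layout are assumptions, and the note check relies only on the opening line quoted above.

```python
import os
import sys
from collections import defaultdict

# Indicators taken from the article text above.
ENC_SUFFIX = ".shanova"
NOTE_NAME = "read_it.txt"
NOTE_MARKER = "your network is encrypted"  # opening line of the quoted note


def is_shanova_note(path):
    """True if a read_it.txt file carries the note's opening line."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            return NOTE_MARKER in fh.read(4096).lower()
    except OSError:
        return False  # unreadable file: do not count it as confirmed


def triage(root):
    """Walk root without modifying anything; group artefacts by directory."""
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower.endswith(ENC_SUFFIX) and len(name) > len(ENC_SUFFIX):
                # "1.jpg.shanova" -> original name "1.jpg"
                report[dirpath]["encrypted"].append(name[: -len(ENC_SUFFIX)])
            elif lower == NOTE_NAME and is_shanova_note(os.path.join(dirpath, name)):
                report[dirpath]["note"] = True
    return dict(report)


def summarise(report):
    """Return (encrypted file count, directories holding a confirmed note)."""
    total = sum(len(v["encrypted"]) for v in report.values())
    noted = sorted(d for d, v in report.items() if v["note"])
    return total, noted


if __name__ == "__main__":
    rep = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    total, noted = summarise(rep)
    print(f"{total} file(s) with {ENC_SUFFIX}; note confirmed in {len(noted)} dir(s)")
    for d in sorted(rep):
        print(d, "note" if rep[d]["note"] else "-", sorted(rep[d]["encrypted"]))
```

Because "read_it.txt" is a generic filename, the script counts a note as confirmed only when its content matches, which keeps unrelated files with that name out of the report.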
How Can Ransomware Find Its Way onto Your System?
Ransomware can reach a system through several delivery methods. The most common are:
- Phishing Emails: Cybercriminals often use phishing emails to deliver ransomware. These emails may contain malicious attachments or links that, when clicked, download and execute the ransomware on the user's system.
- Malicious Websites: Visiting compromised or malicious websites can expose your system to ransomware. Some websites may have hidden scripts that automatically download and install ransomware on your computer without your knowledge.
- Malvertising: Malicious advertising, or malvertising, involves placing infected advertisements on legitimate websites. Clicking on these ads may lead to the download and installation of ransomware on your system.
- Exploiting Software Vulnerabilities: Ransomware can exploit vulnerabilities in software or operating systems. If your software is not up-to-date and lacks security patches, it becomes more susceptible to exploitation by ransomware.
- Drive-by Downloads: Drive-by downloads occur when malware is automatically downloaded to your system without your consent, often through vulnerabilities in your web browser or plugins.
- Infected External Devices: Ransomware can spread through infected external devices such as USB drives or external hard disks. Plugging an infected device into your system can lead to the ransomware spreading.