The ShurL0ckr Ransomware (also known as Gojdue Ransomware) is a new file-encryption Trojan that is being promoted in hacking forums on the Dark Web. Its authors are not selling the threat; instead, they are offering it as a Ransomware-as-a-Service product. The only catch is that the cybercrooks who opt to use it will need to share a small fraction of their profit with the original authors. In short, the people behind ShurL0ckr Ransomware are making money by offering other cybercrooks the ability to use their threatening application for free.
Ransomware-as-a-service is not a new thing, and we have encountered many examples of threats being sold to cybercrooks in exchange for a one-time payment, a subscription or, as in this case, a percentage of the money won. Unfortunately, the ShurL0ckr Ransomware appears to be a rather sophisticated product, since it managed to evade the integrated anti-malware modules of popular Cloud-hosting services such as OneDrive, Google Drive, and others. Naturally, it is a matter of time before the samples of the ShurL0ckr Ransomware hosted there get deleted, but for now, it appears that the threat is being spread primarily via corrupted e-mails, which link the victim to a corrupted document hosted on the cloud services mentioned above.
When the ShurL0ckr Ransomware is launched on an unprotected computer, it will swiftly encrypt a significant portion of the victim’s files, and then present the victim with a ransom message, which states that the only way to restore the data is to pay a hefty ransom fee. Since we are talking about a ransomware-as-a-service project, it is likely that the ransom sum will fluctuate a lot: some attackers might ask for $50, while others may ask for thousands. Regardless of the amount, paying is not a good idea because you are likely to end up being scammed out of both your money and your files.
If your data was locked by ShurL0ckr Ransomware, you should proceed to run a credible anti-virus software suite that will help you eliminate all unsafe files. Unfortunately, the removal of the threat will not undo the damage done to your files, and the only surefire way to recover them would be via a backup copy.