Bitcoin Ransomware Education: Shinigami Locker

There are so many different types of Bitcoin ransomware in circulation today that it is hard to find one that is unique. Shinigami Locker is not necessarily unique based on its features, but the artwork used in the ransom note is quite nice to look at. Fans of the Death Note anime and manga will certainly recognize the style of the note, as none other than Ryuk makes an appearance. This malware was created by a fan of the manga, and it remains to be seen whether it will be distributed on a global scale in the future.

Shinigami Locker Wants a $50 Payment

Every time a new type of Bitcoin ransomware comes around, there is reason for concern. There are some emerging trends in the world of malware development which do not bode well for people who must deal with these types of malicious software. One such trend is malware which encrypts computer files and wipes all of their data. Even with a decryption key, the files are rendered useless since their internal data has been overwritten by bogus code. Thankfully, it does not appear Shinigami Locker falls into this category.

Rather, it is a new type of ransomware that does just what everyone would expect it to do — distribute itself through an email spam campaign. So far, we have not seen any torrent or file sharing distribution for this malware, although this situation could change. It does appear Shinigami Locker could be distributed on an international scale in the future, as the ransom note is written in plain English rather than a less ubiquitous language.

Every file encrypted by this malware will receive a custom “.shinigami” file extension. For now, it appears the only way to decrypt files is by paying the ransom of US$50 in Bitcoin. Restoring files from a previous backup is not possible, as the malware alters the information pertaining to the shadow volume copies. That is a common trend in ransomware these days, as criminals aim to prevent any “cheap tricks” by victims at any cost.
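The ".shinigami" extension is the one concrete indicator described above, so it can be used to scope the damage on a host. The following triage script is an added example, not code from the article or from any vendor; it assumes the extension is appended to the original file name, and the function names and sample tree are constructed for illustration.

```python
import os
import sys
import tempfile
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

MARKER = ".shinigami"  # extension named in the article


def triage(root):
    """Walk root and summarise files carrying the marker extension."""
    hits, by_dir, prior_ext = [], Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            path = Path(dirpath) / name
            try:
                mtime = path.stat().st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            hits.append((mtime, str(path)))
            by_dir[dirpath] += 1
            # Assumption: marker is appended (report.docx.shinigami),
            # so the suffix before it is the original file type.
            stem_ext = Path(name[: -len(MARKER)]).suffix.lower()
            prior_ext[stem_ext or "(none)"] += 1
    hits.sort()  # oldest modification time first
    first = hits[0] if hits else None
    return {
        "count": len(hits),
        "first_path": first[1] if first else None,
        "first_utc": datetime.fromtimestamp(first[0], timezone.utc).isoformat() if first else None,
        "by_dir": dict(by_dir),
        "prior_ext": dict(prior_ext),
    }


def build_sample(root):
    """Constructed sample tree: two marked files and one untouched file."""
    docs = Path(root) / "docs"
    docs.mkdir()
    for name, ts in [("a.docx.shinigami", 1_500_000_100), ("b.PDF.SHINIGAMI", 1_500_000_000), ("c.txt", 1_500_000_050)]:
        (docs / name).write_bytes(b"constructed sample")
        os.utime(docs / name, (ts, ts))
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        target = sys.argv[1] if len(sys.argv) > 1 else str(build_sample(tmp).parent)
        print(triage(target))
```

The earliest modification time among marked files is only an estimate of when encryption began, since timestamps can be changed; compare it against mail gateway and endpoint logs before relying on it.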

Once the ransomware has done its job, it will also change the wallpaper on the victim’s computer. Fans of the Death Note manga will recognize Ryuk in the middle of the picture, as it makes for some nice artwork. Unfortunately, this is not a wallpaper people want to deal with for longer than absolutely necessary, as their entire computer becomes pretty much useless in the process. It does not appear any communication between victim and criminal takes place, indicating this malware relies on a centralized command & control server.

For the time being, Shinigami Locker is not that much of a threat. It has a dedicated email spam campaign, which is a popular distribution method for many types of ransomware, other malware, and banking Trojans. There is no reason to think this particular type will be more successful than others, as it has no particular tricks up its sleeve compared to competing payloads. Since we do not know which regions are being targeted by this campaign, it is difficult to predict its eventual impact. Beware of any emails from unknown senders containing attachments, as that is the main distribution method of any ransomware type.

On an artistic note, Shinigami Locker boasts some nice artwork and lacks the bland images common in other malware strains. Fans of the Death Note manga will certainly see the appeal of the aforementioned wallpaper. It is never good to see such popular shows and series being used in a destructive way, though. Technically speaking, there is nothing that makes Shinigami Locker unique or especially dangerous, but it could certainly prove to be a nuisance. Indeed, this is just one more type of malware to be wary of, as the ransomware industry continues to grow every single week.