APT / THREAT GROUP

Shinra

Intelligence Profile

SHINRA ransomware is a variant of the Proton ransomware family, which encrypts victim data and demands a ransom for decryption.

After encrypting files, the ransomware renames them with a sequence of random characters and appends the ".SHINRA3" extension to the filenames.

This ransomware uses AES and ECC encryption algorithms to lock files on the victim's computer. Following the encryption, it creates a ransom note named "SHINRA-Recovery.txt".

Few details are available about its operation or how it infects its victims. After encryption, the victim is told to email the addresses provided about recovery, including the ID generated by the ransomware:

[email protected]

[email protected]

[email protected]

The ransomware also changes the victim's wallpaper to a message telling the victim to send the data and contact the threat actor.

Threat Analysis

Shinra is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.

Quick Facts

Type: APT / Threat Group
Aliases: 1

Also Known As

Shinra

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.