According to ZDNet that’s not the case for Shrug. Malware researchers from LMNTRIX have discovered that the cybercriminals behind Shrug have left the key in the registry – unencrypted and ready to use to safe your files.
To do so just follow the 5 easy steps outlined below:
Restart your PC to terminate the ransomware process that is locking your mouse and keyboard
Navigate to the Shrug ransomware installer path located at: C:\Users\<Your PC Username>\AppData\Local\Temp\shrug.exe. Exchange <Your PC Username> with whatever you use as a username. Permanently delete the file by pressing Shift and Delete
Open the Windows search panel and type in “Run”. This opens the run app.
Enter Regedit to access the Windows Registry and then type in: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Identify the Key value titled “Shrug” and delete it. Empty your recycle bin as well.
That’s it. After restarting your PC you should hopefully be rid of the ransomware.