A new variant of the BTCWare ransomware was discovered by Michael Gillespie, that appends the.[email]-id-id.shadow extension to encrypted files. In this version, the contact email address is now paydayz@cock.li, which is listed in the ransom note below. When a file is encrypted by the ransomware, it will modify the file’s name and append the.email.-id-[id].shadow extension. To protect yourself from the Shadow BTCWare Ransomware variant, it is important that you use good computing habits and security software.
Source: https://www.bleepingcomputer.com/news/security/new-shadow-btcware-ransomware-variant-released/