JackPot Ransomware
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 2
First Seen: October 28, 2016
Last Seen: September 29, 2020
OS(es) Affected: Windows
The JackPot Ransomware is a Trojan designed to encrypt the victim's files and hold them hostage in exchange for a ransom payment. The JackPot Ransomware may be distributed through spam email messages, carried inside a corrupted DOCX or PDF attachment (both are formats that many computer users would not associate with harmful content). The email may claim to contain an important message from a social media platform such as Facebook, Instagram or Reddit. When the victim opens the corrupted file, the JackPot Ransomware is downloaded and installed on the victim's computer and begins encrypting the victim's files.
How the JackPot Ransomware may Carry out Its Attack
The JackPot Ransomware encrypts its victim's files using AES-256, a strong encryption algorithm that makes it nearly impossible to recover the affected files without access to the decryption key. The JackPot Ransomware targets files with certain extensions, but apparently avoids files that are bigger than 30 MB. It seems that the JackPot Ransomware is designed to disrupt servers specifically, since it can encrypt databases, INI files, and index files, which would be especially destructive on a Web server. The JackPot Ransomware will encrypt all files with the following file extensions:
.PNG, .PSD, .PSPIMAGE, .TGA, .THM, .TIF, .TIFF, .YUV, .AI, .EPS, .PS, .SVG, .INDD, .PCT, .PDF, .XLR, .XLS, .XLSX, .ACCDB, .DB, .DBF, .MDB, .PDB, .SQL, .APK, .APP, .BAT, .CGI, .COM, .EXE, .GADGET, .JAR, .PIF, .WSF, .DEM, .GAM, .NES, .ROM, .SAV, .DWG, .DXF, .GPX, .KML, .KMZ, .ASP, .ASPX, .CER, .CFM, .CSR, .CSS, .HTM, .HTML, .JS, .JSP, .PHP, .RSS, .XHTML, .DOC, .DOCX, .LOG, .MSG, .ODT, .PAGES, .RTF, .TEX, .TXT, .WPD, .WPS, .CSV, .DAT, .GED, .KEY, .KEYCHAIN, .PPS, .PPT, .PPTX, .INI, .PRF, .HQX, .MIM, .UUE, .7Z, .CBR, .DEB, .GZ, .PKG, .RAR, .RPM, .SITX, .TAR.GZ, .ZIP, .ZIPX, .BIN, .CUE, .DMG, .ISO, .MDF, .TOAST, .VCD, .SDF, .TAR, .TAX2014, .TAX2015, .VCF, .XML, .AIF, .IFF, .M3U, .M4A, .MID, .MP3, .MPA, .WAV, .WMA, .3G2, .3GP, .ASF, .AVI, .FLV, .M4V, .MOV, .MP4, .MPG, .RM, .SRT, .SWF, .VOB, .WMV, .3D, .3DM, .3DS, .MAX, .OBJ, .BMP, .DDS, .GIF, .JPG, .CRX, .PLUGIN, .FNT, .FON, .OTF, .TTF, .CAB, .CPL, .CUR, .DESKTHEMEPACK, .DLL, .DMP, .DRV, .ICNS, .ICO, .LNK, .SYS, .CFG.
The JackPot Ransomware is very similar to a wide variety of recent ransomware Trojans, including the '.perl File Extension Ransomware Trojan' and the '.thor File Extension Ransomware Trojan.' The JackPot Ransomware will identify files that it has encrypted by changing their extension to '.coin.' This goes with a pattern that has been observed in these variants, which seem to use four-letter words as the file extension identifying the threat. The JackPot Ransomware delivers the ransom note in the form of an HTA app error message, a method first observed in the Lock93 Ransomware Trojan. The JackPot Ransomware's ransom note contains the following message:
'*** jack.pot ***
All your important files are encrypted.
To decrypt your files, pay 3.0 BTC = 830 USD to the Bitcoin address:
[34 random characters]'
It is likely that the JackPot Ransomware is still being tested, since the payment method is not functional in this version.
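The '.coin' renaming described above gives defenders a simple behavioural signal: many files on one host gaining that extension within a short time. The following is an added example, not part of the original write-up or of any vendor tool; the pipe-delimited event format, the sample events, and the window and threshold values are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MARKER_EXT = ".coin"            # extension the page reports on encrypted files
WINDOW = timedelta(seconds=60)  # assumed tuning value, not from the page
THRESHOLD = 5                   # assumed tuning value, not from the page

# Constructed sample events in a hypothetical "time|host|old path|new path" format.
SAMPLE_LOG = r"""
2016-10-28T09:14:01|WEB01|C:\inetpub\wwwroot\index.html|C:\inetpub\wwwroot\index.coin
2016-10-28T09:14:02|WEB01|C:\inetpub\wwwroot\site.css|C:\inetpub\wwwroot\site.coin
2016-10-28T09:14:03|WEB01|C:\inetpub\wwwroot\app.php|C:\inetpub\wwwroot\app.coin
2016-10-28T09:14:04|WS02|C:\Users\a\notes.txt|C:\Users\a\notes-old.txt
2016-10-28T09:14:04|WEB01|C:\data\shop.sql|C:\data\shop.coin
2016-10-28T09:14:05|WEB01|C:\data\app.ini|C:\data\app.coin
2016-10-28T09:20:00|WS02|C:\Users\a\wallet.txt|C:\Users\a\wallet.coin
2016-10-28T11:45:00|WS02|C:\Users\a\list.csv|C:\Users\a\list.coin
"""

def parse(line):
    """Split one event line into (timestamp, host, old_path, new_path)."""
    ts, host, old, new = line.split("|")
    return datetime.fromisoformat(ts), host, old.lower(), new.lower()

def detect_bursts(lines):
    """Return {host: time of first alert} for hosts with >= THRESHOLD renames
    to MARKER_EXT inside WINDOW. Events must be in time order."""
    recent = defaultdict(deque)   # host -> timestamps of recent marker renames
    alerts = {}
    for line in filter(None, map(str.strip, lines)):
        ts, host, old, new = parse(line)
        # Count only files that gain the marker extension in this rename.
        if not new.endswith(MARKER_EXT) or old.endswith(MARKER_EXT):
            continue
        window = recent[host]
        window.append(ts)
        while ts - window[0] > WINDOW:   # drop events older than the window
            window.popleft()
        if len(window) >= THRESHOLD:
            alerts.setdefault(host, ts)
    return alerts

if __name__ == "__main__":
    for host, when in detect_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"{host}: burst of {MARKER_EXT} renames at {when.isoformat()}")
```

The check matches on the new name ending in '.coin', so it fires whether the extension is replaced or appended. Occasional '.coin' renames spread over hours, as on the constructed host WS02, stay below the threshold.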
Dealing with Threats Like the JackPot Ransomware
In the event of infection with threats like the JackPot Ransomware, PC security researchers do not recommend that computer users pay the ransom. There is no guarantee that the con artists that created the JackPot Ransomware will provide the decryption key in exchange for the ransom amount. Paying the ransom also allows con artists to continue creating and distributing these threats, furthering their attacks and putting more computer users at risk for the JackPot Ransomware and other ransomware attacks.
File System Details
# | File Name | MD5 | Detections |
---|---|---|---|
1. | file.exe | 5624c920b1fd3da3a451d564bb7488d3 | 1 |