JeepersCrypt Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: April 24, 2017
Last Seen: August 17, 2022
OS(es) Affected: Windows

The JeepersCrypt Ransomware is a ransomware Trojan that con artists use to force computer users to pay large amounts of money. To do this, the JeepersCrypt Ransomware will encrypt the victim's files using a strong encryption algorithm. The JeepersCrypt Ransomware is being used in attacks against computer users in Brazil and other countries in South America. This conclusion comes from the spam email campaign that is being used to spread the JeepersCrypt Ransomware, which impersonates email messages from companies working in these regions. The spam email campaign will use corrupted email attachments that use compromised scripts to download and install the JeepersCrypt Ransomware on the victim's computer. These scripts will use some exploit or pop-up to trick computer users into allowing the JeepersCrypt Ransomware to bypass UAC (User Account Control) to install a threat on the victim's computer.

The JeepersCrypt Ransomware isn’t Related to a Known Ransomware Family

It seems that the JeepersCrypt Ransomware is an independent ransomware project, not belonging to a larger family of ransomware (however, there are many similarities between the JeepersCrypt Ransomware and numerous other ransomware Trojans, since many of these threats have code and features in common). The JeepersCrypt Ransomware uses a strong encryption algorithm that is part of its main executable file. The JeepersCrypt Ransomware will encrypt the entirety of the files targeted during the attack, unlike other ransomware variants that may only encrypt part of the file headers, thus allowing the affected files to be recoverable. Unfortunately, in the case of the JeepersCrypt Ransomware, the files affected during the attack will not be decrypted without access to the decryption key. The files affected by the JeepersCrypt Ransomware will be marked with the file extension '.jeepers.' The JeepersCrypt Ransomware will encrypt numerous file types, including the following:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The JeepersCrypt Ransomware will deliver its ransom note in a program window titled 'the JeepersCrypt Ransomware.' This ransomware Trojan delivers its ransom note in Portuguese. The following is an English translation of the JeepersCrypt Ransomware's ransom message:

'All your important files have been encrypted
You have 24 hours to buy a private key to decrypt your files, the key is priced at 0.0200 BTC (bitcoin is worth 77 BRL) to buy the key contact us via email: jeeperscrypt@protonmail.com
And send a message with the following title "I want to buy a key to decrypt my files" then I will pass the information on how to buy the key
Time left
[24 HOUR COUNTDOWN TIMER]'

Dealing with the JeepersCrypt Ransomware Infection

The JeepersCrypt Ransomware demands a ransom of 0.02 Bitcoin (approximately $25 USD), an amount considerably lower than what most ransomware Trojans demand. However, PC security researchers do not advise computer users to contact the people responsible for the JeepersCrypt Ransomware or pay the ransom. Fortunately, malware researchers currently offer a free decryption program, which may help computer users recover their files before a patched or new version of the JeepersCrypt Ransomware is released. Since it is usually impossible to recover the files affected by these attacks, the best protection against ransomware Trojans like the JeepersCrypt Ransomware is to have file backups and a capable security program.

File System Details

JeepersCrypt Ransomware may create the following file(s):

| # | File Name | MD5 | Detections |
|---|-----------|-----|------------|
| 1 | JeepersCrypt.exe | 8010e9438b3aa499604b619878a76a0f | 1 |
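
The following Python sweep is an added example, not code from the original page or from any vendor tool. It uses the two indicators given above, the '.jeepers' extension and the MD5 listed for JeepersCrypt.exe, to show how far encryption spread under a folder and whether the executable is still on disk. The function names and the 64 MB hashing cap are assumptions made for the example.

```python
import hashlib
import os
import sys
from collections import Counter

ENCRYPTED_EXT = ".jeepers"                        # extension named on this page
KNOWN_MD5 = {"8010e9438b3aa499604b619878a76a0f"}  # JeepersCrypt.exe, from this page
MAX_HASH_BYTES = 64 * 1024 * 1024                 # assumed cap to keep the sweep fast


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are never loaded whole."""
    digest = hashlib.md5()  # MD5 only because that is the published indicator
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root, known_md5=KNOWN_MD5):
    """Return (encrypted file paths, count per directory, hash-matched paths)."""
    encrypted, per_dir, matches = [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                per_dir[dirpath] += 1
                continue
            try:
                if os.path.getsize(path) <= MAX_HASH_BYTES and md5_of(path) in known_md5:
                    matches.append(path)
            except OSError:
                continue  # locked or unreadable file: skip it, keep sweeping
    return encrypted, per_dir, matches


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    encrypted, per_dir, matches = sweep(root)
    print(f"{len(encrypted)} file(s) ending in {ENCRYPTED_EXT} under {root}")
    for folder, count in per_dir.most_common(10):
        print(f"  {count:6d}  {folder}")
    for path in matches:
        print(f"MD5 match for JeepersCrypt.exe indicator: {path}")
```

The per-directory counts show which folders to prioritise when restoring from backup. The hash match is by content, so it still finds the executable if it has been renamed.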