JeepersCrypt Ransomware
Threat Scorecard
Threat Level: | 100 % (High) |
Infected Computers: | 4 |
First Seen: | April 24, 2017 |
Last Seen: | August 17, 2022 |
OS(es) Affected: | Windows |
The JeepersCrypt Ransomware is a ransomware Trojan that con artists use to force computer users to pay large amounts of money. To do this, the JeepersCrypt Ransomware encrypts the victim's files using a strong encryption algorithm. The JeepersCrypt Ransomware is being used in attacks against computer users in Brazil and other countries in South America. This conclusion is drawn from the spam email campaign used to spread the JeepersCrypt Ransomware, which impersonates email messages from companies working in these regions. The spam emails carry malicious attachments whose scripts download and install the JeepersCrypt Ransomware on the victim's computer. These scripts use some exploit or pop-up to trick computer users into allowing the JeepersCrypt Ransomware to bypass UAC (User Account Control) and install the threat on the victim's computer.
The JeepersCrypt Ransomware isn’t Related to a Known Ransomware Family
It seems that the JeepersCrypt Ransomware is an independent ransomware project that does not belong to a larger family of ransomware (however, there are many similarities between the JeepersCrypt Ransomware and numerous other ransomware Trojans, since many of these threats have code and features in common). The JeepersCrypt Ransomware uses a strong encryption algorithm that is part of its main executable file. The JeepersCrypt Ransomware encrypts the entirety of each file targeted during the attack, unlike other ransomware variants that may encrypt only part of the file headers and thus leave the affected files recoverable. Unfortunately, in the case of the JeepersCrypt Ransomware, the files affected during the attack cannot be decrypted without access to the decryption key. The files affected by the JeepersCrypt Ransomware are marked with the file extension '.jeepers'. The JeepersCrypt Ransomware encrypts numerous file types, including the following:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
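A triage sketch for the observables described above, added here as an example and not code from EnigmaSoft or from the malware: it finds files carrying the '.jeepers' extension, uses per-chunk entropy to tell whole-file encryption from header-only encryption, and compares unmarked files against the MD5 this page lists for JeepersCrypt.exe. The function names, the 4096-byte chunk size and the 7.0 bits-per-byte threshold are assumptions, and the sample files are constructed.

```python
import hashlib, math, tempfile
from collections import Counter
from pathlib import Path

MARKER_EXT = ".jeepers"  # extension this page says encrypted files receive
SAMPLE_MD5 = "8010e9438b3aa499604b619878a76a0f"  # MD5 this page lists for JeepersCrypt.exe
CHUNK = 4096  # assumed scoring granularity

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def encryption_profile(path, threshold=7.0):
    """Return 'full', 'partial' or 'none' from the entropy of each chunk."""
    high = total = 0
    with open(path, "rb") as fh:
        while block := fh.read(CHUNK):
            if len(block) < CHUNK and total:  # short tail is too small to score reliably
                break
            total += 1
            high += entropy(block) >= threshold
    return "none" if not high else ("full" if high == total else "partial")

def triage(root):
    """Profile every marked file; hash-match every unmarked file (read whole into memory)."""
    marked, hash_hits = {}, []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.name.lower().endswith(MARKER_EXT):
            marked[rel] = encryption_profile(path)
        elif hashlib.md5(path.read_bytes()).hexdigest() == SAMPLE_MD5:
            hash_hits.append(rel)
    return marked, hash_hits

def build_sample(root):
    """Constructed test data: pseudo-random bytes stand in for ciphertext."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # 4096 bytes
    text = b"quarterly report draft\n" * 400
    files = {"budget.xlsx.jeepers": noise * 2,           # every chunk high entropy
             "notes.txt.jeepers": noise + text[:CHUNK],  # only the first chunk high entropy
             "readme.txt": text, "setup.exe": b"MZ constructed benign stub"}
    for name, data in files.items():
        Path(root, name).write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(triage(d))
```

A 'full' profile on marked files is consistent with the whole-file encryption described above, while 'partial' would suggest a different variant or an interrupted run.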
The JeepersCrypt Ransomware will deliver its ransom note in a program window titled 'the JeepersCrypt Ransomware.' This ransomware Trojan delivers its ransom note in Portuguese. The following is an English translation of the JeepersCrypt Ransomware's ransom message:
'All your important files have been encrypted
You have 24 hours to buy a private key to decrypt your files, the key is priced at 0.0200 BTC (bitcoin is worth 77 BRL) to buy the key contact us via email: jeeperscrypt@protonmail.com
And send a message with the following title "I want to buy a key to decrypt my files" then I will pass the information on how to buy the key
Time left
[24 HOUR COUNTDOWN TIMER]'
Dealing with the JeepersCrypt Ransomware Infection
The JeepersCrypt Ransomware demands a ransom of 0.02 Bitcoin (approximately $25 USD), considerably lower than what most ransomware Trojans demand. However, PC security researchers do not advise computer users to contact the people responsible for the JeepersCrypt Ransomware or to pay the ransom. Fortunately, malware researchers currently offer a free decryption program, which may help computer users recover their files before a patched or new version of the JeepersCrypt Ransomware is released. Since it is usually impossible to recover the files affected by these attacks, the best protection against ransomware Trojans like the JeepersCrypt Ransomware is to have file backups and a capable security program.
File System Details
# | File Name | MD5 | Detections |
---|---|---|---|
1. | JeepersCrypt.exe | 8010e9438b3aa499604b619878a76a0f | 1 |