ChinaJm Ransomware

The ChinaJm Ransomware uses AES and RSA encryption to encrypt the files stored on the infected machine and then uses scary tactics to extort money from the affected user in exchange for the restoration of the affected files. Although the ChinaJm Ransomware targets English and Chinese-based users, mainly, it can spread across the world without any problems. Unfortunately, due to the strong encryption, it may be impossible to create a free decryptor unless there is some serious flaw or bug in the underlying code of this malware threat.

The victims of ChinaJm Ransomware will notice that their files are no longer usable, and the original names have been changed to now contain a ".china" extension. A text file containing a unique ID and a few text lines will be dropped after the encryption process has completed. The name of the file is "ÁªÏµÎÒ,ÇëÎðɾ³ý1582689454562.txt."

The full text of the ransom note is: 

'Your machine code: 

You need to send an email to china_jm@protonmail.ch to get the secret key

Restore your file usage.'

The executable file of ChinaJm Ransomware is named "文易 抽奖 小 程序 -SIGN.exe" and it is located in C:\Users\User\AppData\Local\Temp.

Despite the shock of losing access to your files suddenly, victims of ChinaJm Ransomware shouldn't attempt to contact the criminal behind the malware and, in no case, send any money. There is no guarantee that these people hackers will not take the money and run away without providing the necessary decryption key.