Dr Jimbo Ransomware
Threat Scorecard
Ranking: 12,262
Threat Level: 80% (High)
Infected Computers: 1,176
First Seen: June 21, 2016
Last Seen: August 28, 2023
OS(es) Affected: Windows
The Dr Jimbo Ransomware is a ransomware Trojan that con artists use to force computer users to pay large amounts of money to recover their files. The Dr Jimbo Ransomware and similar threats encrypt the files on a computer, essentially taking the victim's data hostage. The Dr Jimbo Ransomware delivers a ransom note whose wording can vary. A common ransom message associated with the Dr Jimbo Ransomware reads as follows:
Hello!
Have news for the owner of this server!
All your data was crypted but no worries, we have decrypter for any your file.
But you must have some Bitcoins and be ready for payment.
For more info you can write to next email:
dr.jimbo@bk.ru
Subject - your server IP ( so we can see what you real)
Message body - any your text (you can attach your file here)
We can guarantee what we can decrypt any your file, if you not sure then send any crypted file(just one!) then we will decrypt and show some part of decrypted file.
As can be seen from the broken English in the ransom note, the Dr Jimbo Ransomware was not written by native English speakers. In fact, it is highly likely that the Dr Jimbo Ransomware originates in Russia or Romania. The files encrypted by the Dr Jimbo Ransomware are given the extension '.ENCRYPTED'. The Dr Jimbo Ransomware demands a ransom of two Bitcoins in exchange for the decryption key necessary to decrypt the affected files.
Ransomware Such as the Dr Jimbo Ransomware can Cause Huge Problems for Infected Users
Once the Dr Jimbo Ransomware has encrypted a file, that file becomes inaccessible. The most common way of distributing the Dr Jimbo Ransomware and its many variants is through corrupted spam attachments or embedded links. Once the Dr Jimbo Ransomware has entered a computer, it establishes persistence so that it runs automatically each time Windows starts up. The Dr Jimbo Ransomware then communicates with its Command and Control server to receive instructions and to report data about the victim's computer and the progress of the encryption. The Dr Jimbo Ransomware scans the hard drives of affected computers and searches for files with the following extensions (as well as many others):
'.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV; CAD files: .DWG .DXF; GIS files: .GPX .KML .KMZ; .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF; encoded files: .HQX .MIM .UUE; .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD .SDF .TAR .TAX2014 .TAX2015 .VCF .XML; audio files: .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA; video files: .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV; 3D files: .3DM .3DS .MAX .OBJ; .BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG'
Once the Dr Jimbo Ransomware has encrypted files with the extensions listed above, the Dr Jimbo Ransomware will drop text files named 'How_to_decrypt.txt' in every directory where files were encrypted. Apart from the ransom note listed above, PC security analysts also have observed the following ransom note:
Attention!
All your data was Encrypted!
If you wanna get it back contact via email:
Dr.jimbo@bk.ru
WARNING: If you don’t contact next 48 hours, then all DATA will be damaged unrecoverably!
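The three host-level indicators the write-up gives for this family (the '.ENCRYPTED' extension appended to encrypted files, the 'How_to_decrypt.txt' note dropped in every affected directory, and the dr.jimbo@bk.ru contact address that appears in both observed notes) are enough for a quick triage sweep of a suspect machine or file share. The following is an added example, not EnigmaSoft's code or anything taken from the malware: it walks a directory tree, lists the encrypted files, confirms ransom notes by their contact address (case-insensitively, since the two notes differ in capitalisation), and tallies which original file types were hit so restoration can be prioritised. The sample directory tree it builds is constructed for the demonstration.

```python
"""Added example (not EnigmaSoft's code): triage sweep for Dr Jimbo Ransomware
artefacts described in the write-up. Indicators used: the '.ENCRYPTED' suffix,
the 'How_to_decrypt.txt' note and the dr.jimbo@bk.ru address. The sample
tree in build_sample_tree() is constructed for this demonstration.
"""
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".ENCRYPTED"
NOTE_NAME = "How_to_decrypt.txt"
# Both observed notes carry the same address; only the capitalisation differs.
NOTE_ADDRESS = re.compile(r"dr\.jimbo@bk\.ru", re.IGNORECASE)


def sweep(root):
    """Walk `root` and summarise ransomware indicators found beneath it.

    Returns a dict with:
      encrypted: relative paths of files carrying the '.ENCRYPTED' suffix
      by_ext:    count of encrypted files per original extension (the
                 extension that sat in front of '.ENCRYPTED')
      notes:     ransom notes whose text contains the known contact address
      note_like: files named like the note but without the address; worth a
                 manual look (different family, copycat or damaged note)
      hit_dirs:  directories containing any of the above
    """
    root = Path(root)
    found = {"encrypted": [], "notes": [], "note_like": [], "hit_dirs": set()}
    by_ext = Counter()
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root).as_posix()
        for name in filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if name.upper().endswith(ENCRYPTED_SUFFIX):
                found["encrypted"].append(rel)
                found["hit_dirs"].add(rel_dir)
                # The suffix is appended after the real name, so the original
                # extension is still visible: strip the suffix and read it.
                original = Path(name[: -len(ENCRYPTED_SUFFIX)])
                by_ext[original.suffix.lower() or "(none)"] += 1
            elif name.lower() == NOTE_NAME.lower():
                text = path.read_text(errors="replace")
                key = "notes" if NOTE_ADDRESS.search(text) else "note_like"
                found[key].append(rel)
                found["hit_dirs"].add(rel_dir)
    for key in ("encrypted", "notes", "note_like"):
        found[key].sort()
    found["hit_dirs"] = sorted(found["hit_dirs"])
    found["by_ext"] = dict(by_ext)
    return found


def build_sample_tree(base):
    """Constructed sample: one directory hit by the ransomware, one untouched."""
    base = Path(base)
    docs = base / "Documents"
    docs.mkdir()
    (docs / "budget.xlsx.ENCRYPTED").write_bytes(b"\x00" * 16)
    (docs / "notes.txt.ENCRYPTED").write_bytes(b"\x00" * 16)
    (docs / NOTE_NAME).write_text(
        "Attention!\nAll your data was Encrypted!\n"
        "If you wanna get it back contact via email:\nDr.jimbo@bk.ru\n"
    )
    clean = base / "Pictures"
    clean.mkdir()
    (clean / "holiday.jpg").write_bytes(b"\xff\xd8\xff")
    return base


def demo():
    """Build the constructed tree in a temp directory and sweep it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return sweep(tmp)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it against a real mount point by calling sweep() with that path; the by_ext tally tells you which backups to restore first, and anything in note_like deserves a look before assuming it is the same family.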
How to Deal with the Dr Jimbo Ransomware
Unfortunately, once the Dr Jimbo Ransomware has encrypted your files, it is not possible to decrypt them without access to the decryption key. Because of this, the best recourse for computer users dealing with the Dr Jimbo Ransomware is to take preventive measures. If you back up your files regularly, and keep the backups offline or otherwise out of reach of the malware, you will be effectively immune to attacks like the Dr Jimbo Ransomware, since you can restore the encrypted files from the backup and have no need to pay the ransom in exchange for the decryption key.
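A backup only helps if it was not itself reached by the ransomware, so a restore should start with an integrity check rather than a blind copy. The following added example (not EnigmaSoft's code) builds a SHA-256 manifest of a backup set and later verifies the set against it, classifying each file as intact, modified, missing or unexpected; the demonstration simulates what the set would look like if the Dr Jimbo Ransomware had reached the backup medium (a file rewritten, a file renamed with the '.ENCRYPTED' suffix, and a 'How_to_decrypt.txt' note dropped). File names and contents are constructed for the example.

```python
"""Added example (not EnigmaSoft's code): hash manifest for a backup set and a
verification pass to run before restoring. The backup contents below are
constructed for the demonstration; the tampering is simulated with ordinary
file operations so the verifier can be exercised offline.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large backups do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(backup_root):
    """Map every regular file (path relative to the root) to its digest."""
    backup_root = Path(backup_root)
    manifest = {}
    for dirpath, _dirs, files in os.walk(backup_root):
        for name in files:
            path = Path(dirpath) / name
            manifest[path.relative_to(backup_root).as_posix()] = sha256_file(path)
    return manifest


def verify_backup(backup_root, manifest):
    """Compare the current backup contents against a manifest taken earlier.

    Returns sorted lists:
      ok:         present with the recorded digest (safe to restore)
      modified:   present but contents differ (rewritten; treat as compromised)
      missing:    in the manifest but gone (renamed or deleted)
      unexpected: on disk but not in the manifest (renamed copies, ransom notes)
    """
    current = build_manifest(backup_root)
    result = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, digest in manifest.items():
        if rel not in current:
            result["missing"].append(rel)
        elif current[rel] != digest:
            result["modified"].append(rel)
        else:
            result["ok"].append(rel)
    result["unexpected"] = [rel for rel in current if rel not in manifest]
    for key in result:
        result[key].sort()
    return result


def demo():
    """Take a manifest of a constructed backup, simulate tampering, verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "report.docx").write_bytes(b"quarterly figures")
        (root / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0")
        (root / "archive.zip").write_bytes(b"PK\x03\x04")
        manifest = build_manifest(root)  # would normally be stored off-medium

        # Simulated damage: one file rewritten, one renamed with the suffix
        # the write-up describes, and a ransom note dropped alongside.
        (root / "report.docx").write_bytes(b"\x00" * 17)
        (root / "photo.jpg").rename(root / "photo.jpg.ENCRYPTED")
        (root / "How_to_decrypt.txt").write_text("All your data was Encrypted!\n")

        return verify_backup(root, manifest)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Keep the manifest somewhere the backup job cannot overwrite (a separate medium or a write-once location); a manifest stored next to the files it describes can be replaced along with them. Only the files in ok should be restored; anything in modified or unexpected is evidence that the backup medium was reachable from the infected host and that the backup rotation needs an offline tier.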