
Dr Jimbo Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 12,262
Threat Level: 80 % (High)
Infected Computers: 1,176
First Seen: June 21, 2016
Last Seen: August 28, 2023
OS(es) Affected: Windows

The Dr Jimbo Ransomware is a ransomware Trojan that con artists use to force computer users to pay large amounts of money to recover their files. The Dr Jimbo Ransomware and similar threats encrypt the files on a computer, essentially taking the victim's data hostage. The ransom note that the Dr Jimbo Ransomware delivers can vary. A common ransom message associated with the Dr Jimbo Ransomware reads as follows:

Hello!
Have news for the owner of this server!
All your data was crypted but no worries, we have decrypter for any your file.
But you must have some Bitcoins and be ready for payment.
For more info you can write to next email:
dr.jimbo@bk.ru
Subject - your server IP ( so we can see what you real)
Message body - any your text (you can attach your file here)
We can guarantee what we can decrypt any your file, if you not sure then send any crypted file(just one!) then we will decrypt and show some part of decrypted file.

As the broken language in the ransom note shows, the Dr Jimbo Ransomware was not designed by English speakers. In fact, it is highly likely that the Dr Jimbo Ransomware originates in Russia or Romania. The files encrypted by the Dr Jimbo Ransomware will have the extension '.ENCRYPTED'. The Dr Jimbo Ransomware demands a ransom of two Bitcoins to deliver the decryption key necessary to decrypt the affected files.

Ransomware Such as the Dr Jimbo Ransomware Can Cause Huge Problems for Infected Users

Once the Dr Jimbo Ransomware has encrypted a file, that file becomes inaccessible. The most common way of distributing the Dr Jimbo Ransomware and its many variants is through corrupted spam attachments or embedded links. Once the Dr Jimbo Ransomware has entered a computer, it configures itself to run automatically as soon as Windows starts up. The Dr Jimbo Ransomware then communicates with its Command and Control server to receive instructions and to relay data about the victim's computer and the encryption process. The Dr Jimbo Ransomware scans the hard drives on affected computers and searches for files with the following extensions (as well as many others):

'.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD .SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG'

Once the Dr Jimbo Ransomware has encrypted files with the extensions listed above, it drops text files named 'How_to_decrypt.txt' in every directory where files were encrypted. Apart from the ransom note listed above, PC security analysts have also observed the following ransom note:

Attention!
All your data was Encrypted!
If you wanna get it back contact via email:
Dr.jimbo@bk.ru
WARNING: If you don’t contact next 48 hours, then all DATA will be damaged unrecoverably!

How to Deal with the Dr Jimbo Ransomware

Unfortunately, once the Dr Jimbo Ransomware has encrypted your files, it is not possible to decrypt them without access to the decryption key. Because of this, the best recourse for computer users dealing with the Dr Jimbo Ransomware is taking preventive measures. If you back up your files regularly, you will be completely invulnerable to attacks like the Dr Jimbo Ransomware, since you can restore the encrypted files from the backup and have no need to pay the ransom in exchange for the decryption key.
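
To decide which directories need restoring from backup, the indicators described above (the 'How_to_decrypt.txt' note, the '.ENCRYPTED' extension and the contact address in both notes) can be searched for on disk. The following Python sketch is an added example, not code from the original write-up; the function names, the sample directory tree and the sample file names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

NOTE_NAME = "how_to_decrypt.txt"   # ransom note file name given on this page
ENC_SUFFIX = ".encrypted"          # extension given on this page
CONTACT = "dr.jimbo@bk.ru"         # contact address that appears in both notes

def triage(root):
    """Return {directory: findings} for every directory under root with indicators."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        # Compare lower-cased names: Windows file systems are case-insensitive.
        notes = [f for f in files if f.lower() == NOTE_NAME]
        locked = sorted(f for f in files if f.lower().endswith(ENC_SUFFIX))
        if not notes and not locked:
            continue
        contact_seen = False
        for name in notes:
            try:
                text = Path(dirpath, name).read_text(errors="replace")
            except OSError:
                continue  # unreadable note: still reported through "note"
            # The second note capitalises the address, so match case-insensitively.
            contact_seen = contact_seen or CONTACT in text.lower()
        hits[dirpath] = {"note": bool(notes),
                         "contact_match": contact_seen,
                         "encrypted": locked}
    return hits

def build_sample_tree(base):
    """Constructed sample data: one affected directory and one clean directory."""
    hit = Path(base, "share", "finance")
    clean = Path(base, "share", "public")
    hit.mkdir(parents=True)
    clean.mkdir(parents=True)
    (hit / "How_to_decrypt.txt").write_text("contact via email:\nDr.jimbo@bk.ru\n")
    (hit / "q2.xlsx.ENCRYPTED").write_bytes(b"\x00" * 16)  # constructed file name
    (clean / "readme.txt").write_text("unaffected file")
    return str(hit), str(clean)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, info in triage(tmp).items():
            print(directory, info)
```

A directory that reports `note` without `contact_match` holds a file with the same name but different content, and is worth checking by hand before treating it as affected.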
