JabaCrypter Ransomware

The JabaCrypter Ransomware is an encryption ransomware Trojan that is a variant of HiddenTear, a ransomware platform that has been responsible for countless variants of ransomware Trojan attacks since its first release in 2015. The JabaCrypter Ransomware will be delivered to its victims through the use of spam email messages. The victims will receive misleading email messages that contain DOCX file attachments, which use embedded macro scripts to download and install the JabaCrypter Ransomware onto the victim's computer. Once installed, the JabaCrypter Ransomware will carry out an attack that involves taking the victim's files blocked and then demanding the payment of a ransom to restore the affected files.

How Threats Like the JabaCrypter Ransomware can Enter A Computer

The JabaCrypter Ransomware uses a strong encryption algorithm that will make victim's files inaccessible. The JabaCrypter Ransomware scans the victim's computer for certain file types that are user-generated while avoiding Windows system files and applications that the victim might need to make a ransom payment. Once the JabaCrypter Ransomware encrypts and locks the victims' files, it delivers a ransom note in the form of an HTML file that is dropped on the infected computer. The JabaCrypter Ransomware ransom note takes the form of a file named '! ПРОЧТИ МЕНЯ.html' (! READ ME.html) that is dropped onto the victim's computer. The JabaCrypter Ransomware's ransom note is written in Russian and contains the following text (translated into English below):

'Report: All your files are successfully encrypted.
Don't panic, Ladies and Gentlemen!
-----------------------------------
All your files and databases are successfully encrypted by our sly-ass cryptor.
Deciphering all your data without having a unique "decryptor" is virtually impossible !, you will simply destroy all your data.
If you are not greedy, but a very generous person, then we are ready to exchange all your precious information for a pathetic paper called dollars.
Believe me, evil always wins, give them to us.
-----------------------------------
On the acquisition of "decryptor" write to the mail: jabanenok@gmail.com
In the letter - do not forget to indicate your "id" specified at the end of each encrypted file.
We will decrypt for free several of your files, so that you can make sure that we have the decoder, maybe he will be by you.
-----------------------------------
© 2018 Everything will be fine!'

HiddenTear variants tend to target the user-generated files, which may include files with the following file extensions, found on local disks on the infected computer:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso .ibooks, .jpeg, .jpg, .key, .mdb .md2, .mdf, .mht, .mobi .mhtm, .mkv, .mov, .mp3, .mp4, .mpg .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The JabaCrypter Ransomware will mark the files encrypted by the attack by adding the file extension '.cryptfile' to the files' names, making the affected files easy to recognize.

Protecting Your Data from Threats Like the JabaCrypter Ransomware

The best protection against the JabaCrypter Ransomware and other ransomware Trojans (particularly HiddenTear variants) is to have backup copies of your files. These backups should be stored externally, to prevent the backups themselves from being encrypted by the attack. Ransomware Trojans can be removed using a strong anti-malware program that is fully up-to-date, but this will not restore files encrypted by the JabaCrypter Ransomware attack. Unfortunately, HiddenTear variants use a strong encryption algorithm that is impossible to reverse without the decryption key currently. Since the JabaCrypter Ransomware is often delivered using spam emails, learning to manage this content safely is also essential in preventing the JabaCrypter Ransomware infections.