
JackPot Ransomware

By CagedTech in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 2
First Seen: October 28, 2016
Last Seen: September 29, 2020
OS(es) Affected: Windows

The JackPot Ransomware is a Trojan designed to encrypt the victim's files and hold them hostage in exchange for a ransom payment. The JackPot Ransomware may be distributed through spam email messages that carry it inside a corrupted DOCX or PDF attachment (both are formats that many computer users would not associate with harmful content). The email may claim to contain an important message from a social media platform such as Facebook, Instagram or Reddit. When the victim opens the corrupted file, the JackPot Ransomware is downloaded and installed on the victim's computer and begins encrypting the victim's files.

How the JackPot Ransomware may Carry out Its Attack

The JackPot Ransomware encrypts its victim's files using AES-256, a strong encryption algorithm that makes it nearly impossible to recover the affected files without access to the decryption key. The JackPot Ransomware targets files with certain extensions, but apparently avoids files that are bigger than 30 MB. It seems that the JackPot Ransomware is designed to disrupt servers specifically, since it can encrypt databases, INI files, and index files, which would be especially destructive on a Web server. The JackPot Ransomware will encrypt all files with the following file extensions:


The JackPot Ransomware is very similar to a wide variety of recent ransomware Trojans, including the '.perl File Extension Ransomware Trojan' and the '.thor File Extension Ransomware Trojan'. The JackPot Ransomware marks the files it has encrypted by changing their extension to '.coin'. This fits a pattern that has been observed in these variants, which seem to use four-letter words as the file extension identifying the threat. The JackPot Ransomware delivers the ransom note in the form of an HTA app error message, a method first observed in the Lock93 Ransomware Trojan. The JackPot Ransomware's ransom note contains the following message:

'*** jack.pot ***
All your important files are encrypted.
To decrypt your files, pay 3.0 BTC = 830 USD to the Bitcoin address:
[34 random characters]'

It is likely that the JackPot Ransomware is still being tested, since the payment method is not quite functional in this version.

Dealing with Threats Like the JackPot Ransomware

In the event of infection with threats like the JackPot Ransomware, PC security researchers do not recommend that computer users pay the ransom. There is no guarantee that the con artists that created the JackPot Ransomware will provide the decryption key in exchange for the ransom amount. Paying the ransom also allows con artists to continue creating and distributing these threats, furthering their attacks and putting more computer users at risk for the JackPot Ransomware and other ransomware attacks.


File System Details

JackPot Ransomware may create the following file(s):
# File Name MD5 Detections
1. file.exe 5624c920b1fd3da3a451d564bb7488d3 1
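
The two indicators given on this page, the '.coin' extension and the MD5 listed for file.exe, can be checked across a file tree to scope an infection. The Python below is an added example, not code from the original page or from any vendor tool; the function names and the sample tree are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

# Indicators taken from this page.
ENCRYPTED_EXT = ".coin"                            # extension given to encrypted files
DROPPER_MD5 = "5624c920b1fd3da3a451d564bb7488d3"   # MD5 listed for file.exe


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, known_md5=DROPPER_MD5):
    """Walk root; return files renamed to .coin, hash matches, and unreadable paths."""
    report = {"renamed": [], "hash_match": [], "unreadable": []}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                report["renamed"].append(path)   # already encrypted, no need to hash
                continue
            try:
                if md5_of(path) == known_md5.lower():
                    report["hash_match"].append(path)
            except OSError:
                report["unreadable"].append(path)  # locked or denied: check by hand
    return {key: sorted(paths) for key, paths in report.items()}


if __name__ == "__main__":
    # Constructed sample tree; the file names and contents are made up for the demo.
    with tempfile.TemporaryDirectory() as root:
        for name in ("site.db.coin", "config.ini.coin", "readme.txt"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"constructed sample data")
        for kind, paths in triage(root).items():
            print(kind, [os.path.basename(p) for p in paths])
```

The "renamed" list shows which directories were hit, which helps decide what to restore from backup; a hash match only identifies this one listed sample, so an empty "hash_match" list does not mean the host is clean.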
