
Jager Ransomware

By CagedTech in Ransomware

The Jager Ransomware is a dangerous encryption ransomware Trojan that encrypts its victims' files and then asks for the payment of a fee in exchange for providing the decryption key. The Jager Ransomware is quite complex, and once it has encrypted the victim's files, it may not be possible to decrypt them without access to the decryption key, which is stored on the con artists' Command and Control servers. If the Jager Ransomware has been installed on your computer, PC security analysts strongly advise using a security program to remove the Jager Ransomware completely and then restoring the affected files from a backup location.

A Backup can Restore the Files Encrypted by the Jager Ransomware

Many ransomware Trojans have been decrypted in recent months, with PC security analysts creating decryption utilities for several high-profile ransomware attacks. Unfortunately, there is currently no decryption utility for the Jager Ransomware. PC security analysts advise the use of a reliable backup method to ensure that your files are properly protected from these attacks. Files that have been encrypted by the Jager Ransomware can be easily identified because the first four bytes of each file will have been changed to the string '!ENC'.

How the Jager Ransomware Spreads

The most common way in which the Jager Ransomware and similar threats are spread is through the use of corrupted email attachments. These emails may also contain embedded links that force computer users to download and install the Jager Ransomware automatically. These emails may be disguised as legitimate emails from a company such as a messenger service, a hotel or a bank. Computer users shouldn't open unsolicited email attachments and should learn to recognize these tactics by always being cautious online.

An In-Depth Look into the Jager Ransomware Attack

After the Jager Ransomware infects a computer, it generates a new AES-256 key for the encryption attack. This key is itself encrypted using RSA and then added to the end of each file. The first four bytes of each encrypted file will be '!ENC', which may be of particular significance to PC security analysts. The Jager Ransomware's ransom note is contained in a file named 'Important_Read_Me.html', which opens the victim's Web browser and displays a message instructing victims of the Jager Ransomware to send an email to smartfiles9@yandex.com for more information. Once the Jager Ransomware has infected the victim's computer, it searches for files with the following extensions to encrypt them:

.3DM, .3DS, .3G2, .3GP, .7Z, .ACCDB, .AES, .AI, .AIF, .APK, .APP, .ARC, .ASC, .ASF, .ASM, .ASP, .ASPX, .ASX, .AVI, .BMP, .BRD, .BZ2, .C, .CER, .CFG, .CFM, .CGI, .CGM, .CLASS, .CMD, .CPP, .CRT, .CS, .CSR, .CSS, .CSV, .CUE, .DB, .DBF, .DCH, .DCU, .DDS, .DIF, .DIP, .DJV, .DJVU, .DOC, .DOCB, .DOCM, .DOCX, .DOT, .DOTM, .DOTX, .DTD, .DWG, .DXF, .EML, .EPS, .FDB, .FLA, .FLV, .FRM, .GADGET, .GBK, .GBR, .GED, .GIF, .GPG, .GPX, .GZ, .H, .HTM, .HTML, .HWP, .IBD, .IBOOKS, .IFF, .INDD, .JAR, .JAVA, .JKS, .JPG, .JS, .JSP, .KEY, .KML, .KMZ, .LAY, .LAY6, .LDF, .LUA, .M, .M3U, .M4A, .M4V, .MAX, .MDB, .MDF, .MFD, .MID, .MKV, .MML, .MOV, .MP3, .MP4, .MPA, .MPG, .MS11, .MSI, .MYD, .MYI, .NEF, .NOTE, .OBJ, .ODB, .ODG, .ODP, .ODS, .ODT, .OTG, .OTP, .OTS, .OTT, .P12, .PAGES, .PAQ, .PAS, .PCT, .PDB, .PDF, .PEM, .PHP, .PIF, .PL, .PLUGIN, .PNG, .POT, .POTM, .POTX, .PPAM, .PPS, .PPSM, .PPSX, .PPT, .PPTM, .PPTX, .PRF, .PRIV, .PRIVAT, .PS, .PSD, .PSPIMAGE, .PY, .QCOW2, .RA, .RAR, .RAW, .RM, .RSS, .RTF, .SCH, .SDF, .SH, .SITX, .SLDX, .SLK, .SLN, .SQL, .SQLITE, .SQLITE, .SRT, .STC, .STD, .STI, .STW, .SVG, .SWF, .SXC, .SXD, .SXI, .SXM, .SXW, .TAR, .TBK, .TEX, .TGA, .TGZ, .THM, .TIF, .TIFF, .TLB, .TMP, .TXT, .UOP, .UOT, .VB, .VBS, .VCF, .VCXPRO, .VDI, .VMDK, .VMX, .VOB, .WAV, .WKS, .WMA, .WMV, .WPD, .WPS, .WSF, .XCODEPROJ, .XHTML, .XLC, .XLM, .XLR, .XLS, .XLSB, .XLSM, .XLSX, .XLT, .XLTM, .XLTX, .XLW, .XML, .YUV, .ZIP, .ZIPX, .DAT.

To ensure that the victim's computer remains operational (so the victim can read the ransom message and payment instructions), the Jager Ransomware targets files and documents that may have a personal or professional value to the computer user, avoiding the following directories when encrypting the victim's data:

Application Data, AppData, Program Files (x86), Program Files, Temp, $Recycle.Bin, System Volume Information, Boot, Windows, ProgramData.
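
The indicators described above can be used to scope the damage on a disk or to check a backup set. The following Python is an added example, not part of the original article: it walks a directory tree, flags files whose first four bytes are '!ENC', and lists copies of 'Important_Read_Me.html'. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

MARKER = b"!ENC"                       # four-byte header the article describes
NOTE_NAME = "important_read_me.html"   # ransom note name from the article, lowercased

def has_marker(path):
    """True if the file starts with the marker; None if it cannot be read."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(MARKER)) == MARKER
    except OSError:
        return None

def triage(root):
    """Walk root and report marked files, ransom notes and unreadable files."""
    report = {"encrypted": [], "notes": [], "unreadable": [], "by_ext": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                report["notes"].append(path)
                continue
            marked = has_marker(path)
            if marked is None:
                report["unreadable"].append(path)
            elif marked:
                report["encrypted"].append(path)
                report["by_ext"][os.path.splitext(name)[1].lower()] += 1
    return report

def build_sample_tree(root):
    """Constructed sample data: harmless files that only mimic the marker."""
    os.makedirs(os.path.join(root, "docs"))
    samples = {
        "docs/report.docx": b"!ENC" + b"\x00" * 32,   # carries the marker
        "docs/clean.docx": b"PK\x03\x04 intact",       # normal ZIP header
        "docs/tiny.txt": b"!E",                        # shorter than the marker
        "photo.jpg": b"!ENC" + b"\xff" * 16,          # carries the marker
        "Important_Read_Me.html": b"<html></html>",    # note file name only
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "marked,", len(result["notes"]), "note(s)")
```

A four-byte prefix match is a scoping heuristic, so treat a hit as a file to examine rather than as proof of encryption. Running the same check over a backup set before restoring confirms that none of the backup copies carry the marker.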
