James Ransomware

By GoldSparrow in Ransomware

The James Ransomware is a ransomware Trojan that was first observed carrying out attacks on January 16, 2019. It carries out a typical encryption ransomware attack: it takes the victim's files hostage by encrypting them with a strong encryption algorithm. Once the victim's files have been compromised, the criminals responsible for the James Ransomware ask for payment in exchange for the means needed to restore the affected data. Computer users must take precautions against the James Ransomware and the many other encryption ransomware Trojans currently being used to attack computers.

How the James Ransomware Carries Out Its Attack

The James Ransomware carries out a typical version of this attack, using AES encryption to make the victim's files inaccessible. It stores the encrypted AES key in a file named 'ENCRYPTEDKEY' and a SHA-512 hash in a file named 'KEYHASH,' both inaccessible to the computer user. As a result, the encryption key needed to restore the files is out of the victim's reach, and the only way to restore the encrypted files is to obtain the decryption key directly from the criminals responsible for the attack. Unfortunately, they cannot be trusted to help victims recover from a James Ransomware attack. These attacks generally target user-generated files, which may include files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

Files encrypted by the James Ransomware are easy to recognize because the James Ransomware appends the file extension '.James' to the end of each file's name as a new extension.

Protecting Your Data from Threats Like the James Ransomware

Encryption ransomware Trojans like the James Ransomware are becoming increasingly common. Unfortunately, when they use AES encryption (as the James Ransomware does) or other strong forms of encryption, recovering the files encrypted by the attack becomes impossible; the same technology that keeps software and online communication safe from tampering is used to make the encryption key inaccessible. Because of this, prevention is key when it comes to combating encryption ransomware Trojans like the James Ransomware. The leading preventive measure is to have file backups, storing backup copies of all data on an external memory device or the cloud. Apart from file backups, PC security researchers advise computer users to keep a fully up-to-date security program in place to intercept infections like the James Ransomware before they carry out their attacks and take the victim's files hostage.
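
The following is an added example, not part of the original article: a read-only triage script that uses the indicators described earlier (the '.James' suffix and the 'ENCRYPTEDKEY' and 'KEYHASH' files) to list affected files and check which of them have a backup copy. The function names, the constructed sample tree, the case-insensitive match and a backup folder that mirrors the live folder's layout are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators stated in the article.
MARKER_EXT = ".James"                        # appended to each encrypted file
KEY_ARTIFACTS = {"ENCRYPTEDKEY", "KEYHASH"}  # encrypted AES key and SHA-512 hash

def triage(root):
    """Report indicators under root, judging by file name only (no file is opened)."""
    encrypted, artifacts, by_ext = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name in KEY_ARTIFACTS:
                artifacts.append(path)
            # Assumption: compare case-insensitively, as Windows file systems do.
            elif name.lower().endswith(MARKER_EXT.lower()) and len(name) > len(MARKER_EXT):
                original = name[:-len(MARKER_EXT)]   # name before the suffix was added
                encrypted.append((path, original))
                by_ext[os.path.splitext(original)[1].lower() or "(none)"] += 1
    return {"encrypted": sorted(encrypted), "artifacts": sorted(artifacts), "by_ext": by_ext}

def restore_plan(report, root, backup_root):
    """Pair each encrypted file with its expected backup copy and whether it exists."""
    plan = []
    for path, original in report["encrypted"]:
        rel = os.path.relpath(os.path.join(os.path.dirname(path), original), root)
        backup = os.path.join(backup_root, rel)
        plan.append((path, backup, os.path.isfile(backup)))
    return plan

def build_sample(base):
    """Constructed sample tree: a 'live' folder with indicators and a partial backup."""
    files = ["live/docs/report.docx.James", "live/docs/notes.txt", "live/pics/cat.jpg.James",
             "live/ENCRYPTEDKEY", "live/KEYHASH", "backup/docs/report.docx"]
    for rel in files:
        full = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
    return os.path.join(base, "live"), os.path.join(base, "backup")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = build_sample(tmp)
        report = triage(live)
        print(dict(report["by_ext"]), report["artifacts"])
        for enc, bak, ok in restore_plan(report, live, backup):
            print("restorable" if ok else "NO BACKUP", enc)
```

The script only reads directory listings and changes nothing on disk, so it can be pointed at a mounted copy of an affected volume.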