
'java File Extension' Ransomware

The 'java File Extension' Ransomware is an encryption ransomware Trojan that belongs to a large, extensively studied family of ransomware Trojans. These Trojans, derived from the Dharma Ransomware, have been around for a while; the latest variants, referred to as the Dharma 2017 Ransomware, appeared in August 2017. The 'java File Extension' Ransomware itself was observed on November 20, 2017, and it clearly belongs to this family, with very few changes to Dharma's code. The 'java File Extension' Ransomware is delivered to victims through corrupted spam email attachments, which take the form of Microsoft Word documents with corrupted macro scripts that download and install the 'java File Extension' Ransomware on victims' computers.

How the 'java File Extension' Ransomware Attack Works

Macro scripts are useful: they let computer users automate tasks on their computers. However, they also can be used by threat developers to install threats like the 'java File Extension' Ransomware on their victims' PCs. Once the 'java File Extension' Ransomware is installed, it scans the victim's computer for certain file types and then uses a combination of AES and RSA encryption to make the victim's files inaccessible. Computer users can prevent the 'java File Extension' Ransomware from being installed in the first place by being cautious with any unsolicited email attachments and by disabling macros in their software unless absolutely necessary, so that threats like the 'java File Extension' Ransomware cannot be downloaded and installed automatically.

The 'java File Extension' Ransomware then creates a decryption key and delivers it securely to its Command and Control server, out of the victim's reach. The 'java File Extension' Ransomware renames the files encrypted by the attack: as its name implies, it adds a string containing the word 'java' to the end of each encrypted file's name, specifically the extension '.[1777783646@@qq.com].java,' which makes it simple to tell which files were compromised by the 'java File Extension' Ransomware attack. Attacks like the 'java File Extension' Ransomware try to hit user-generated files while avoiding Windows system files; typical examples of the targeted files include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.
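As an added example (not part of the original article and not a tool from its authors), the Python below triages a directory listing against the naming scheme described above: it decodes names of the form '<original>.id-<8 chars>.[<contact>].java', recovers the original file's extension, compares it with the extension list just given, and takes care not to flag ordinary Java source files, which share the '.java' extension. Only the contact address '1777783646@@qq.com' and the extension list come from the page; the regular expression, the sample listing and the victim id '1A2B3C4D' are constructed assumptions.

```python
import os
import re
from collections import Counter
from typing import List, NamedTuple, Optional

# File types the article lists as targeted by this Dharma variant (duplicates removed).
TARGETED_EXTENSIONS = set("""
.3dm .3g2 .3gp .7zip .aaf .accdb .aep .aepx .aet .ai .aif .as .as3 .asf .asp .asx
.avi .bmp .c .class .cpp .cs .csv .dat .db .dbf .doc .docb .docm .docx .dot .dotm
.dotx .dwg .dxf .efx .eps .fla .flv .gif .h .idml .iff .indb .indd .indl .indt .inx
.jar .java .jpeg .jpg .js .m3u .m3u8 .m4u .max .mdb .mid .mkv .mov .mp3 .mp4 .mpa
.mpeg .mpg .msg .pdb .pdf .php .plb .pmd .png .pot .potm .potx .ppam .ppj .pps
.ppsm .ppsx .ppt .pptm .pptx .prel .prproj .ps .psd .py .ra .rar .raw .rb .rtf .sdf
.ses .sldm .sldx .sql .svg .swf .tif .txt .vcf .vob .wav .wma .wmv .wpd .wps .xla
.xlam .xll .xlm .xls .xlsb .xlsm .xlsx .xlt .xltm .xltx .xlw .xml .xqx .zip
""".split())

# Naming pattern described by the article and the reader comment:
#   <original name>[.id-<8 chars>].[<contact email>].java
# The exact shape of the id token is an assumption, so it is matched loosely on purpose.
ENCRYPTED_NAME_RE = re.compile(
    r"^(?P<original>.+?)"                        # original file name, with its extension
    r"(?:\.id-(?P<victim_id>[A-Za-z0-9]{8}))?"   # optional victim id token
    r"\.\[(?P<contact>[^\[\]\s]+@[^\[\]\s]+)\]"  # attacker contact address in brackets
    r"\.java$"                                   # appended extension that names the variant
)


class EncryptedFile(NamedTuple):
    encrypted_name: str
    original_name: str
    original_ext: str          # lower-cased extension of the original file, e.g. ".docx"
    victim_id: Optional[str]
    contact: str


def parse_encrypted_name(name: str) -> Optional[EncryptedFile]:
    """Decode a Dharma-style encrypted file name; return None for a normal file.

    A plain Java source file such as 'Utils.java' has no bracketed contact address and
    is therefore not flagged, even though it ends in the same extension.
    """
    m = ENCRYPTED_NAME_RE.match(os.path.basename(name))
    if m is None:
        return None
    original = m.group("original")
    return EncryptedFile(
        encrypted_name=name,
        original_name=original,
        original_ext=os.path.splitext(original)[1].lower(),
        victim_id=m.group("victim_id"),
        contact=m.group("contact"),
    )


def triage(names: List[str]) -> dict:
    """Summarise a directory listing for incident response.

    Reports the decoded encrypted files, a count per attacker contact address (several
    addresses in one listing point to more than one campaign), a count per original
    file type, originals whose type is not on the article's list (the sample's
    targeting differs from the write-up), and files of a targeted type that still
    carry their normal name (worth checking: intact, partially written, or skipped).
    """
    decoded = [p for p in map(parse_encrypted_name, names) if p is not None]
    encrypted_names = {p.encrypted_name for p in decoded}
    untouched_targeted = sorted(
        n for n in names
        if n not in encrypted_names
        and os.path.splitext(n)[1].lower() in TARGETED_EXTENSIONS
    )
    return {
        "encrypted": decoded,
        "by_contact": Counter(p.contact for p in decoded),
        "by_original_ext": Counter(p.original_ext for p in decoded),
        "off_list_originals": sorted(
            p.original_name for p in decoded if p.original_ext not in TARGETED_EXTENSIONS
        ),
        "untouched_targeted": untouched_targeted,
    }


# Constructed sample listing (not real victim data); the id token is made up.
SAMPLE_LISTING = [
    "budget.xlsx.id-1A2B3C4D.[1777783646@@qq.com].java",
    "thesis.docx.id-1A2B3C4D.[1777783646@@qq.com].java",
    "Main.java.id-1A2B3C4D.[1777783646@@qq.com].java",   # a Java source that was encrypted
    "report.pdf.[1777783646@@qq.com].java",              # same scheme without an id token
    "scan.tiff.id-1A2B3C4D.[1777783646@@qq.com].java",   # ".tiff" is not on the article's list
    "notes.txt",                                         # targeted type, still intact
    "Utils.java",                                        # ordinary Java source, must not be flagged
    "setup.exe",                                         # not a targeted type
]

if __name__ == "__main__":
    summary = triage(SAMPLE_LISTING)
    print(f"{len(summary['encrypted'])} encrypted files")
    for contact, n in summary["by_contact"].items():
        print(f"  contact {contact}: {n} files")
    print("  original types hit:", dict(summary["by_original_ext"]))
    print("  off-list originals:", summary["off_list_originals"])
    print("  targeted files still intact:", summary["untouched_targeted"])
```

Run it as a script, or feed `triage()` the output of `os.listdir()` on an affected share. The per-contact count is the useful detection signal: one address per listing is the normal case for a single infection, and the recovered original extensions tell the responder which data classes were hit before any restore from backup begins.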

The Cybercrooks Use the 'java File Extension' Ransomware to Generate a Profit

Victims of the 'java File Extension' Ransomware will find a ransom note that instructs them to contact the people responsible for the 'java File Extension' Ransomware via email. The purpose of this ransom note and email address is to convince the victim to pay a large amount of money for the decryption program that is necessary to restore the affected files. However, paying the 'java File Extension' Ransomware ransom or communicating with the cybercrooks should be avoided at all costs. Apart from financing their activities, the cybercrooks are very unlikely to help with recovery; what they may do instead is demand an additional ransom or target the victim for future attacks (since the victim will have shown a willingness to pay). Rather than paying, malware analysts advise computer users to restore their files from a file backup.

1 Comment

My system was attacked by .java (id-8 characters.[moremo123123@cock.li].java) and all files are encrypted. Can your software decrypt my files or only remove the virus?
