JayTHL Ransomware Description
The most popular ransomware family of 2019 is likely the STOP Ransomware family. However, this does not mean that variants of other data-locking Trojans are not being created too. One of the latest file-encrypting Trojans spotted is called the JayTHL Ransomware, and it belongs to the SamSam Ransomware family. Ransomware threats tend to operate in a similar manner: they compromise a host, encrypt all the files present on the system, and then demand money in return for unlocking the affected data. However, many of the users who decide to pay the fee are left disappointed when the cyber crooks never deliver on their promises.
Propagation and Encryption
A large number of ransomware threats are propagated via spam emails. Usually, these are large-scale campaigns that distribute fraudulent emails to thousands of users online. The emails try to convince the user to launch the attached file by using various social engineering techniques. If the targets fall for the trickery and open the unsafe attachment, they will trigger the execution of the threat. Of course, there are other propagation methods, like bogus application updates and fake pirated variants of popular software.
Once the JayTHL Ransomware has infiltrated the targeted system, it will perform a scan. The goal of the scan is to locate the data that will be marked for locking. Next, the encryption process begins, and the JayTHL Ransomware applies an encryption algorithm to lock the targeted files. Once a file gets locked by the JayTHL Ransomware, its name is altered, as this threat appends a '.JayTHL' extension. A file that was initially named 'Albion-Isle.pdf' will be renamed to 'Albion-Isle.pdf.JayTHL' when the encryption process has been completed.
The Ransom Note
The next step of the attack is the dropping of the ransom note. The JayTHL Ransomware's ransom note is called 'FuckYouJayTHL_HELP_ENCRYPTED_FILES.txt'. In the message, the attackers state that the ransom fee is $900, which is to be paid in Bitcoin. Many cybercriminals prefer using cryptocurrencies like Bitcoin, as this helps them protect their anonymity and avoid repercussions for their actions. An e-mail address is provided where the victim is meant to receive more information: 'firstname.lastname@example.org'. The ransom note also contains the phrase 'Fuck you JayTHL!' repeated numerous times. It is likely that the authors of the JayTHL Ransomware hold a grudge against a malware expert who goes by the name JayTHL on Twitter.
We would advise you to resist any urge to get in touch with the creators of the JayTHL Ransomware and attempt to resolve the issue. This will likely end up with you paying the fee and the attackers never delivering on their end of the deal. This is why it is much safer to trust a reputable anti-spyware tool to remove the JayTHL Ransomware from your system safely. You can also try to recover some files using a third-party data-recovery application, but it is not likely that this will be a success.
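Before cleanup or a restore from backup, the two indicators described above (the appended extension and the ransom note file name) can be used to inventory what was affected. The following Python script is an added example, not part of the original description; the function names and the sample directory tree are constructed for illustration, and the matcher tolerates case differences and stray whitespace after the dot as an assumption.

```python
import os
import re
import tempfile

# Indicators taken from the description above.
EXT_RE = re.compile(r"\.\s*JayTHL$", re.IGNORECASE)
NOTE_NAME = "FuckYouJayTHL_HELP_ENCRYPTED_FILES.txt".lower()

def triage(root):
    """Walk root read-only and return (encrypted, notes).

    encrypted: sorted list of (current_path, original_name) for renamed files
    notes:     sorted list of ransom note paths
    """
    encrypted, notes = [], []
    # Unreadable directories are skipped rather than aborting the walk.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                notes.append(full)
            elif EXT_RE.search(name):
                # Strip the appended extension to recover the original name.
                encrypted.append((full, EXT_RE.sub("", name)))
    return sorted(encrypted), sorted(notes)

def summarize(encrypted):
    """Count affected files per original extension, to scope a restore."""
    counts = {}
    for _path, original in encrypted:
        ext = os.path.splitext(original)[1].lower() or "(none)"
        counts[ext] = counts.get(ext, 0) + 1
    return counts

def build_sample(root):
    """Constructed sample tree (empty files only) so the script runs offline."""
    names = ["Albion-Isle.pdf.JayTHL", "budget.xlsx.jaythl", "notes.txt",
             "FuckYouJayTHL_HELP_ENCRYPTED_FILES.txt"]
    sub = os.path.join(root, "docs")
    os.makedirs(sub)
    for n in names:
        open(os.path.join(sub, n), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        enc, notes = triage(tmp)
        for path, original in enc:
            print(f"encrypted: {path} (was {original})")
        print("ransom notes:", notes)
        print("by type:", summarize(enc))
```

To use it on a real system, call `triage()` on a mounted copy or image of the affected volume; the script only lists files and never modifies them.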