
JayTHL Ransomware

By GoldSparrow in Ransomware

The most popular ransomware family of 2019 is likely the STOP Ransomware family. However, this does not mean that variants of other data-locking Trojans are not being created too. One of the latest file-encrypting Trojans spotted is called the JayTHL Ransomware, and it belongs to the SamSam Ransomware family. Ransomware threats tend to operate in a similar manner – they compromise a host, encrypt all the files present on the system, and then demand money in return for unlocking the affected data. However, many of the users who decide to pay the fee are left disappointed when the cyber crooks never deliver on their promises.

Propagation and Encryption

A large number of ransomware threats are being propagated via spam emails. Usually, these are large-scale campaigns that distribute fraudulent emails to thousands of users online. The emails try to convince the user to launch the attached file by using various social engineering techniques. If the targets fall for the trickery and open the unsafe attachment, they will trigger the execution of the threat. Of course, there are other propagation methods like bogus application updates and fake pirated variants of popular software.

Once the JayTHL Ransomware has infiltrated the targeted system, it will perform a scan. The goal of the scan is to locate the data, which will be marked for locking. Next, the encryption process begins, and the JayTHL Ransomware applies an encryption algorithm to lock the targeted files. Once a file gets locked by the JayTHL Ransomware, it will have its name altered as this threat appends a '. JayTHL' extension, so that a file that was named 'Albion-Isle.pdf' initially will be renamed to 'Albion-Isle.pdf. JayTHL' when the encryption process has been completed.

The Ransom Note

The next step of the attack is the dropping of the ransom note. The JayTHL Ransomware's ransom note is called 'FuckYouJayTHL_HELP_ENCRYPTED_FILES.txt'. In the message, the attackers state that the ransom fee is $900, which is to be paid in Bitcoin. Many cybercriminals prefer using cryptocurrencies like Bitcoin, as this helps them protect their anonymity and avoid repercussions for their actions. There is an e-mail address provided where the victim is meant to receive more information – ‘' The ransom note also contains the phrase 'Fuck you JayTHL!' repeated numerous times. It is likely that the authors of the JayTHL Ransomware hold a grudge against a malware expert who goes by the name JayTHL on Twitter.

We would advise you to resist any urge to get in touch with the creators of the JayTHL Ransomware and attempt to resolve the issue. This will likely end up with you paying the fee and the attackers never delivering on their end of the deal. This is why it is much safer to trust a reputable anti-spyware tool to remove the JayTHL Ransomware from your system safely. You can also try to recover some files using a third-party data-recovery application, but it is not likely that this will be a success.
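
The file-name markers described above (the appended extension and the ransom note name) are enough to inventory affected files on a mounted volume before cleanup or recovery. The script below is an added example, not part of the original article; the function names, the pattern that tolerates an optional space after the dot (the extension is printed that way here), and the sample tree are assumptions.

```python
import os
import re
import tempfile

# Indicators taken from the article text. The article prints the extension
# with a space after the dot, so the pattern accepts both forms (assumption).
LOCKED_SUFFIX = re.compile(r"\.\s*JayTHL$", re.IGNORECASE)
NOTE_NAME = "FuckYouJayTHL_HELP_ENCRYPTED_FILES.txt"


def inventory(root):
    """Walk root read-only; list renamed files, ransom notes, earliest mtime."""
    locked, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                notes.append(path)
                continue
            match = LOCKED_SUFFIX.search(name)
            if match:
                # Text before the appended marker is the pre-attack file name.
                original = name[:match.start()]
                locked.append((path, original, os.lstat(path).st_mtime))
    # The oldest modification time among renamed files is a rough indicator
    # of when encryption started (timestamps can be altered).
    earliest = min((m for _p, _o, m in locked), default=None)
    return {"locked": sorted(locked), "notes": sorted(notes),
            "earliest_mtime": earliest}


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming."""
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("docs/Albion-Isle.pdf.JayTHL", "docs/Albion-Isle.pdf. JayTHL",
                "docs/untouched.pdf", "docs/" + NOTE_NAME, "notes-JayTHL.txt"):
        open(os.path.join(root, *rel.split("/")), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = inventory(tmp)
        for path, original, _mtime in result["locked"]:
            print(f"{path!r} -> original name {original!r}")
        print("ransom notes:", result["notes"])
        print("earliest renamed-file mtime:", result["earliest_mtime"])
```

Run it against a read-only mount or a forensic copy rather than the live system, so the scan itself does not change file timestamps.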

