Jemd Ransomware

By GoldSparrow in Ransomware

The Jemd Ransomware is an encryption ransomware Trojan that was first observed in the middle of December 2018. Little information is available about the Jemd Ransomware threat, and it is likely that the Jemd Ransomware will be retired and new versions released, since there seems to be a serious flaw in its implementation that allows victims to recover their data relatively easily. However, as with most encryption ransomware Trojans, it is important that computer users take steps to safeguard their data from this threat.

How the Jemd Ransomware Trojan Carries Out Its Attack

Encryption ransomware Trojans function by taking the victim's files hostage. To do this, the Jemd Ransomware uses AES encryption to make the victim's files inaccessible. Once the Jemd Ransomware has compromised the files, it will demand a ransom payment from the victim. The Jemd Ransomware's attack targets user-generated files, which may include files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .ra.

The Jemd Ransomware delivers a text file named 'Recovery.txt,' which contains the following ransom note to demand its ransom payment:

'<><><><><><>jemd<><><><><><>
All your files were encrypted by jemd.
Used a AES encryption.
AES a best algorytm. If you – [user account name], decryption impossible
Contact us: rezko@prottykon dot mit dot edu
\\Recovery.TXT'

PC security researchers strongly advise PC users to ignore the ransom demand and avoid contacting the criminals responsible for the Jemd Ransomware attack.
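To scope which folders were hit before restoring them, a responder can sweep a drive for the ransom note described above. The following is an added example, not code from the original article: the function names, the sample tree and the assumption that the note is stored as UTF-8 or UTF-16 are illustrative, while the file name and marker line come from the note quoted on this page.

```python
import os
import tempfile

NOTE_NAME = "recovery.txt"                        # note file name given on this page
MARKER = "all your files were encrypted by jemd"  # line quoted from the note above


def is_jemd_note(path):
    """True if path is named Recovery.txt (any case) and contains the marker."""
    if os.path.basename(path).lower() != NOTE_NAME:
        return False
    try:
        with open(path, "rb") as fh:
            raw = fh.read(4096)  # the note is short, so cap the read
    except OSError:
        return False  # unreadable file: skip rather than abort the sweep
    # Assumption: the note's encoding is not stated on the page, so try both
    for enc in ("utf-8", "utf-16"):
        if MARKER in raw.decode(enc, errors="ignore").lower():
            return True
    return False


def find_affected_dirs(root):
    """Return sorted directories under root that hold a Jemd ransom note."""
    hits = set()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if is_jemd_note(os.path.join(dirpath, name)):
                hits.add(dirpath)
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample data: one Jemd-style note, one unrelated Recovery.txt."""
    hit, miss = (os.path.join(root, d) for d in ("Documents", "Tools"))
    os.makedirs(hit)
    os.makedirs(miss)
    with open(os.path.join(hit, "Recovery.TXT"), "w", encoding="utf-8") as fh:
        fh.write("<><><>jemd<><><>\nAll your files were encrypted by jemd.\n")
    with open(os.path.join(miss, "recovery.txt"), "w", encoding="utf-8") as fh:
        fh.write("Vendor recovery instructions for a printer.\n")
    return hit


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_affected_dirs(tmp))
```

Matching on both the file name and the marker line avoids flagging legitimate files that happen to be called Recovery.txt.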

Recovering from the Jemd Ransomware Attack

Most encryption ransomware Trojans delete the System Restore points and the Shadow Volume Copies of the data to prevent the victims from using these methods to restore the files lost in these attacks. However, it seems that the Jemd Ransomware does not remove the System Restore points. This means that computer users affected by the Jemd Ransomware can often just restore their computers to an older state to undo the effects of a Jemd Ransomware attack.

Protecting Your Data from Threats Like the Jemd Ransomware

The best protection against threats like the Jemd Ransomware is to have file backups stored in the cloud or on an external device. Computer users should not forget that they can use the backup copies of their files to restore any data lost in the Jemd Ransomware attack. Apart from file backups, computer users are advised to use a security program to scan their computers and remove the Jemd Ransomware infection. It is also essential to be familiar with the typical methods used to deliver threats like the Jemd Ransomware, such as spam email attachments and corrupted file downloads, and avoid these infection vectors as much as possible.
