Jest Ransomware
Malware analysts have spotted a new data-encrypting Trojan targeting users online. This new Trojan has been dubbed the Jest Ransomware. Ransomware is very popular in the world of cybercrime since even less-experienced cyber crooks can create and distribute them with the help of ransomware building kits and similar tools.
Table of Contents
Propagation and Encryption
Authors of ransomware threats like the Jest Ransomware use various techniques to distribute their creations. Some of the most popular ones include malvertising operations, pirated applications, torrent trackers, bogus software downloads and updates, mass spam email campaigns, etc. Some cyber crooks may even opt to use a combination of distribution methods to propagate these threatening file-encrypting Trojans. To harm the infected host as much as it can, the Jest Ransomware is likely capable of encrypting a large variety of filetypes - .doc, .docx, .pdf, .png, .jpeg, .jpg, .mp3, .mp4, .mov, .rar, .gif, .xls, .xlsx, .ppt, .pptx, etc. The more files a ransomware threat encrypts, higher the chance that its creators will be paid. The Jest Ransomware would scan your system's data and begin the encryption process as soon as the threat compromises your computer. The Jest Ransomware uses a secure encryption algorithm to lock all the data that fit its criteria. Users affected by the Jest Ransomware will notice that their files' names have been changed after the attack. This is because the Jest Ransomware adds a new extension to all the locked files – '.jest.' For example, a file named 'moon-mirror.jpeg' will be renamed to 'moon-mirror.jpeg.jest' after the encryption process has finished.
The Ransom Note
Next, the Jest Ransomware will change the user's wallpaper and drop a ransom message located in a file called 'note.ini.' Also, the Jest Ransomware will create a desktop shortcut named 'README – Decryption Note.' In the note, the attackers make it clear that they demand 0.3 BTC (approximately $2,000 at the time of typing this post) in exchange for the decryption key the users need to recover their files. The attackers include instructions on what Bitcoin is and how to obtain the cryptocurrency in order to process the payment.
The text presented in the ransom note reads as follows:
What Happened to My Computer?
Your important files are encrypted.
Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are
busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.Can I Recover My Files?
Sure. We guarantee that you can recover all your files safely and easily. But you have not so enough time.
If you want to decrypt all your files, you need to pay.How Do I Pay?
Payment is accepted in Bitcoin only. For more information, click .
Please check the current price of Bitcoin and buy some bitcoins. For more information, click .
And send the correct amount to the address specified in this window.
After your payment, click .
Once the payment is checked, you can start decrypting your files immediately.We strongly recommend you to not remove this software, and disable your antivirus for a while, until you pay and the payment gets processed. If
your antivirus gets updated and removes this software automatically, it will not be able to recover your files even if you pay!1. To pay us, you have to use Bitcoin currency. You can easily buy Bitcoins at following sites:
hxxps://cex.io/
hxxps://www.binance.com/
hxxps://www.coinbase.com/
2. After then, if you already have Bitcoins, pay us 0.3 BTC on following our Bitcoin address.
3. Then, press the “Check Payment” button. We will automatically decrypt your files, after bitcoin transfer.Send 0.3 BTC to;
1MZJgjrDz6h6TPwRAxuh1gEWh2AETrNBAy
How Does Jest Ransomware Work?
Like most ransomware, Jest works by encrypting data and then making a ransom demand for the return of said data. There are lots of different ransomware strains out there. The main differences between the different strains are their encryption method and the size of the ransom demand. Different threat actors may also demand payments in various cryptocurrencies.
As you can see from the ransom note above, Jest encrypts using RSA cryptographic encryption. This encryption means that users can’t access documents, photos, videos, and any other infected files. The only way to recover the data is by purchasing a decryption key from the criminals behind the attack. The price of the decryption key for this attack is 0.3 BTC. This works out at around $2,600 using the current exchange rate, which changes all the time. The note also provides links where people can purchase bitcoin.
The pop-up has a “Check Payment and Decrypt All Files” button that users should click after making the payment. The button starts the automatic decryption process and unlocks files, assuming that the payment was made.
Attackers warn victims that trying to remove the program or manually unlock files will result in permanent data loss. This is no idle threat either, as there is currently no way to decrypt files without intervention from the hackers. Experts say that victims should never pay the ransom for their data, however. There is no guarantee that the threat actors will live up to their end of the deal and provide the decryption tool. Many ransomware victims end up becoming scam victims as well. The only safe and effective way to restore data is to do so through a backup. Don’t forget to remove the virus from an infected machine before restoring a backup. You don’t want to spend time restoring your files just to have them locked up again.
How Did Jest Ransomware Get On My Computer?
There are several ways that ransomware gets on computers. The most common methods are through spam campaigns, trojan viruses, illegal cracking tools, fake software updates, and untrustworthy download sites.
A spam campaign refers to threat actors sending out emails en masse. The emails are disguised to look like official and important messages people shouldn’t ignore. The emails contain either a malicious link or a malicious file download. Accessing these links or downloads infects a target computer.
Trojans are a kind of malicious program that causes chain infection. The name comes from the term “Trojan horse,” as these viruses contain other, more harmful viruses. These malicious programs are also hidden inside illegal cracking tools. Illegal activation tools are known to install ransomware and other malware.
Fake software updates follow a similar process. They exploit flaws in programs or install malware instead of the promised software update. These fake update tools, along with other kinds of malicious software, spread through untrustworthy download sites. Experts recommend users stick to official sources for all of their software and software updates.
How to Protect Against Jest Ransomware
It’s rather easy to avoid Jest ransomware – and indeed other viruses. The most crucial step to take is to avoid suspicious and unsolicited emails. Be sure to avoid any suspicious links or downloads in particular. It’s best to download software and updates through official verified sources. You should avoid using third-party activation tools and illegal cracking tools. These tools commonly contain malware and viruses, not to mention they are illegal anyway.
Don’t forget to have a good quality antivirus/antimalware program installed on your computer. It’s not too late to download and use one if your computer has already been infected. Last but not least, make sure to keep regular backups of your data to protect against data loss.
