JesusCrypt Ransomware Description
A brand-new file-encrypting Trojan has been spotted in the wild. Its name is JesusCrypt Ransomware. Once malware researchers came across the JesusCrypt Ransomware, they made sure to dissect the threat. What they discovered is that this ransomware threat is an unfinished project with some ‘good’ potential. Cybersecurity experts speculate that this may be a variant of the HiddenTear Ransomware, but this is yet to be confirmed.
Propagation and Encryption
It is not clear what propagation methods are the attackers using to spread the JesusCrypt Ransomware. The most commonly used infection vector is spam emails. These emails often contain a fraudulent message riddled with social engineering tricks whose sole purpose is to lure the user into opening the attached file. The message may make it seem like this is an important and yet completely harmless attachment, but it is not the truth. If you fall for this trickery and launch the attached file, the JesusCrypt Ransomware will execute its corrupted code and compromise your computer. Among other methods that may be utilized in the propagation of the JesusCrypt Ransomware could be torrent trackers, fraudulent software updates, and bogus pirated variants of popular applications. If the JesusCrypt Ransomware manages to hijack your system, it will scan your data with the goal of locating the files, which it was programmed to encrypt. Next, the encryption process will begin, and the targeted data will be locked. Upon encrypting a file, the JesusCrypt Ransomware adds a '.jc' extension to its name. This means that a file, which was called 'old-gold.jpeg' originally, will be renamed to 'old-gold.jpeg.jc' and no longer be usable.
The Ransom Note
When the JesusCrypt Ransomware is done locking your files, it will drop its ransom note in the shape of a 'READ_IT.txt' file. What leads researchers to believe that the JesusCrypt Ransomware is still in development is that its authors have not included their contact details or a Bitcoin wallet, despite them demanding $200 in the shape of Bitcoin. In the note, they offer to unlock one file free of charge, provided that it is no larger than 1MB. This is done as a guarantee that the attackers have a working decryption key.
It is never a good idea to pay cybercriminals as there is no guarantee that they will deliver on their promises. A legitimate anti-malware tool will be able to remove the JesusCrypt Ransomware from your computer easily.