
Jewsomware Ransomware

By GoldSparrow in Ransomware

The Jewsomware Ransomware is a data encryption Trojan that was recognized by computer security researchers on July 12th, 2018. Its payload may be delivered with spam emails that may seem to come from a reputable company. The threat is installed in a somewhat interesting way. A text document with an embedded macro might be used to generate a fake 'Windows is working on updates' screen while the Jewsomware Ransomware Trojan is downloaded from a remote site and your data is encrypted in the background.

The fake 'Windows is working on updates' screen may be displayed for as long as is needed to delete the Shadow Volume snapshots in Windows and encode your data. The Jewsomware Ransomware uses open-source technologies to make the files unreadable and export the decryption key to a remote server. For example, the threat overwrites 'Impatiens hawkeri—New Guinea Impatiens.png' with the encrypted version and renames it 'Impatiens hawkeri—New Guinea Impatiens.png.jewsomware'. Computer security experts have reported that the Jewsomware Ransomware has two versions that offer decryption keys priced at 300€ and 600€. The Jewsomware Ransomware Trojan is known to produce a program window with a caricature of a Jewish person and show the following message:

'Your Files Have Been Encrypted by the Sneaky Jew!
To Decrypt them just follow these steps:
- Send 300/600 € in Bitcoin to this address:
[random characters]
- Send your Bitcoin address and your ID to this email:
- Wait untill you receive your Decryption key and enter it below
- Click Decrypt and wait untill it's finished
- Restart your computer
ID: [10 random characters]'

The Jewsomware Ransomware may not be as impressive as the EncryptServer2018 Ransomware and the Parisher Ransomware, but it should not be underestimated. Unprepared PC users may suffer irreparable damage to their data. Hence, you should add a backup tool to Windows and make sure to keep copies of your files on an unmapped memory drive. The Jewsomware Ransomware is programmed to overwrite the original files on your disks securely, so you will need clean versions if you are to recover from a Jewsomware attack successfully. PC users can remove all files associated with the Jewsomware Ransomware using a respected anti-malware tool. AV scanners use the following detection names for samples of the Jewsomware Ransomware:

MSIL:Ransom-BK [Trj]
Trojan ( 005085f21 )
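
As an added example (not part of the original article or of any vendor tool), the following Python script scopes the damage after an incident: it walks a directory tree for files carrying the '.jewsomware' extension described above, recovers each original file name, and checks whether a clean copy exists under a backup directory. The function names, the backup layout (same relative paths as the data directory) and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

SUFFIX = ".jewsomware"  # extension the article says is appended to encrypted files


def triage(root, backup_root):
    """Map each encrypted file under root to its original name and backup status."""
    root, backup_root = Path(root), Path(backup_root)
    report = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Case-insensitive match, since Windows file systems ignore case.
            if not name.lower().endswith(SUFFIX):
                continue
            original = name[: -len(SUFFIX)]
            if not original:
                continue  # a file named only ".jewsomware" has no original name
            rel = (Path(dirpath) / original).relative_to(root)
            report.append({
                "encrypted": str(Path(dirpath) / name),
                "original": rel.as_posix(),
                # Assumption: backups mirror the data tree's relative paths.
                "backup_found": (backup_root / rel).is_file(),
            })
    return sorted(report, key=lambda r: r["original"])


def demo():
    """Build a constructed directory tree and run the triage over it."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp, "data"), Path(tmp, "backup")
        (data / "pics").mkdir(parents=True)
        (backup / "pics").mkdir(parents=True)
        # Constructed sample files, not real victim data.
        (data / "pics" / "flower.png.jewsomware").write_bytes(b"\x00")
        (data / "notes.txt.JEWSOMWARE").write_bytes(b"\x00")
        (data / "untouched.txt").write_text("ok")
        (backup / "pics" / "flower.png").write_bytes(b"PNG")
        return [(r["original"], r["backup_found"]) for r in triage(data, backup)]


if __name__ == "__main__":
    for original, has_backup in demo():
        print(f"{original}: backup {'found' if has_backup else 'MISSING'}")
```

Files reported without a backup are the ones that cannot be restored from clean copies, which is the case the backup advice above is meant to prevent.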

