JJLF Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 22
First Seen: February 5, 2021
Last Seen: September 2, 2021
OS(es) Affected: Windows

The JJLF Ransomware is a file-locking Trojan that comes from the AES-Matrix Ransomware family. It encrypts media files and holds them hostage, while demanding a ransom through its notes to victims. A secure backup is an essential component of recovering data that the Trojan locks, and most cyber-security products will automatically remove the JJLF Ransomware from compromised systems.

The Matrix Keeps a New Year's Resolution for Extortion

The AES-Matrix Ransomware family of file-locking Trojans is somewhat more professional and polished than the more casual equivalents in its field. Similar to the NEFILIM Ransomware, it often targets unprotected businesses and includes a multi-pronged approach to extorting money out of them. Samples of the JJLF Ransomware arriving in threat databases confirm that this Trojan enterprise is alive and well after years of attacks.

The JJLF Ransomware is a Windows threat that separates itself from other relatives, mainly by choosing a new extension for locked files (shown in its name). The Trojan blocks content, such as documents and images, by encrypting them with secure AES and RSA algorithms. With the encryption accomplished, it also replaces the names with its random extension, an ID and a bracket-enclosed e-mail.

Some less-obtrusive but still-important attacks in its arsenal include hijacking the user's wallpaper, deleting the Restore Points, and disabling features like boot-up alerts or Windows Recovery.
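The recovery-inhibiting behaviors listed above are often easier to spot in process-creation logs than the encryption itself. The following is an added detection sketch, not code from this page or from any analysis of a JJLF sample: the command-line patterns are assumptions based on the built-in Windows utilities (vssadmin, wmic, bcdedit) commonly used for these actions, and the log records are constructed.

```python
import re

# Assumed patterns: built-in Windows utilities commonly used for the actions
# described above. They are not taken from analysis of a JJLF sample.
RULES = [
    ("restore_points_deleted",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("restore_points_deleted",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("windows_recovery_disabled",
     re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("boot_alerts_suppressed",
     re.compile(r"\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I)),
]

# Constructed process-creation records: (host, parent image, command line).
SAMPLE_EVENTS = [
    ("FS01", "explorer.exe", "notepad.exe C:\\Users\\a\\notes.txt"),
    ("FS01", "cmd.exe", "vssadmin.exe Delete Shadows /All /Quiet"),
    ("FS01", "cmd.exe", "bcdedit /set {default} recoveryenabled No"),
    ("FS01", "cmd.exe", "bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"),
    ("WS07", "mmc.exe", "vssadmin list shadows"),
    ("WS07", "powershell.exe", "wmic shadowcopy delete"),
]

def classify(command_line):
    """Return the set of recovery-inhibiting behaviours a command line matches."""
    return {name for name, rx in RULES if rx.search(command_line)}

def triage(events, threshold=2):
    """Group hits per host; flag hosts showing >= threshold distinct behaviours."""
    per_host = {}
    for host, _parent, cmd in events:
        hits = classify(cmd)
        if hits:
            per_host.setdefault(host, set()).update(hits)
    return {h: {"behaviours": sorted(b), "high_priority": len(b) >= threshold}
            for h, b in per_host.items()}

if __name__ == "__main__":
    for host, result in triage(SAMPLE_EVENTS).items():
        print(host, result)
```

A single hit can be legitimate administration; several distinct behaviors on one host in a short window is the combination worth escalating.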

The JJLF Ransomware also has a point of comparison with the NEFILIM Ransomware family: threatening victims with consequences for not paying its ransom. Besides holding the unlocking solution hostage, the JJLF Ransomware also raises possibilities such as leaking data to the public or selling it to third-party criminals. These threats are potent against breached companies that may have backups but also own servers with confidential data.

Strengthening Security for a Fresh Year of Trojans

Businesses and website administrators should take the JJLF Ransomware's campaign to heart and implement suitable precautions if they haven't already. File-locker Trojans of this family, such as the FRFO Ransomware, the BNFD Ransomware, the Matrix-SBLOCK Ransomware, the Matrix-NOBAD Ransomware, and the FDFK22 Ransomware, circulate regularly and remain threatening to users who don't back up their most valuable work.

Concerning AES-Matrix Ransomware variants, malware researchers recommend that users:

  • Change weak passwords to ones that can resist brute-force attempts
  • Install all software updates promptly
  • Disable threatening features like Word macros and browser JavaScript
  • Be cautious around e-mail attachments and obfuscated links to unexpected downloads

Backups may remove the danger of losing media, but the JJLF Ransomware's other warnings remain relevant to its victims. Users can best prevent infections and quickly remove the JJLF Ransomware through dedicated cyber-security programs that flag and contain threats as they appear.

Deleting the JJLF Ransomware doesn't stop all the consequences of a security breach. As criminals branch out in their means of making money, users at the other ends of their attacks suffer greatly, assuming that they don't dodge the attack in the first place.

