JoeGo Ransomware

The JoeGo Ransomware is an encryption Trojan that carries out a typical attack of this type on the victims' computers. There is very little to differentiate the JoeGo Ransomware from other encryption ransomware Trojans. The JoeGo Ransomware takes the victims' files hostage and then demands a ransom payment from the victim. The JoeGo Ransomware's intended victims seem to be located in Czech speaking regions.

Why the JoeGo Ransomware is Threatening

The JoeGo Ransomware uses the AES and RSA encryptions to make the victim's files inaccessible. The JoeGo Ransomware changes the encrypted files by appending the file extension 'LOCKED' to each file's name. The JoeGo Ransomware delivers a ransom note in the form of a text file dropped on the infected computer's desktop. This ransom note is in Czech. Below is a translation of this file's contents:

'Your files have been encrypted!
Timeleft
95:53:03
What happened to my files?
Your documents, photos, music, movies and many other files have been encrypted.By clicking the 'Show Encrypted List'button, you can view the files that I encrypted for you.These files can only be restored if you follow the procedure below.
[Show Encrypted List]
How do I recover my files?
Your data has been encrypted with a unique key using the powerful AES encryption algorithm.This unique key was encrypted with a public key using the RSA algorithm and then stored on your computer. You will need a private key to decrypt your files.This private key is stored on our server.I will give you the private key after paying the financial fee.You have 96 hours of data encryption to pay the fee.If you fail to pay the fee, the private key on the server will be deleted.Then no one can decrypt your data, you'll lose it permanently.
How do i proceed?
Your unique ID is 332845.
Transfer the amount of 0.05 BTC using the payment gateway specified below.
Then just wait a while, decryption of your files will happen automatically after receiving the required amount.
[Go to payment gateway.]'

The JoeGo Ransomware targets the user-generated files, which includes a variety of media files, documents, databases and others. The following are examples of the files that threats like the JoeGo Ransomware target in these attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

Dealing with the JoeGo Ransomware Infection

The best protection against threats like the JoeGo Ransomware is to have file backups stored on the cloud or an external storage facility. A security program also should be used to remove the JoeGo Ransomware itself. Unfortunately, the JoeGo Ransomware attack makes the encrypted files unrecoverable without the decryption key, which the criminals hold in their possession.