The Jokeroo Ransomware Trojan is part of a RaaS (Ransomware as a Service) offering that is advertised as allowing criminals to create custom versions of this ransomware Trojan. The Jokeroo Ransomware carries out a basic encryption ransomware attack by entering a computer through surreptitious means and using a strong encryption algorithm to make the victim's files inaccessible, essentially taking them hostage. The Jokeroo Ransomware then demands a ransom payment from the victim.
The Jokeroo Ransomware's Use of the Infamous RaaS
The Jokeroo Ransomware can be developed using the RaaS platform provided by the Jokeroo Ransomware's authors. Criminals wanting to create their own version of this threat can pay for a package, which ranges in price from $60 to $600. These packages give the criminals different tools to create variants of threats like the Jokeroo Ransomware, allowing them to purchase components that can help them distribute this threat or make the threat more or less effective. The Jokeroo Ransomware's creators simply provide the tools and the criminals using them distribute the Jokeroo Ransomware and infect computers. The Jokeroo Ransomware's creators also can receive a percentage of the profits from the Jokeroo Ransomware attacks.
How the Jokeroo Ransomware Attack Works
The Jokeroo Ransomware Trojan is identical to most other encryption ransomware Trojans. The Jokeroo Ransomware is generally propagated using corrupted spam email attachments. Once the Jokeroo Ransomware has been installed, it uses AES encryption to encrypt the victim's data, making the files inaccessible. The following are examples of the files that threats like the Jokeroo Ransomware target in these attacks:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
Once the victim's files have been changed, the Jokeroo Ransomware demands a ransom payment from the victim, delivering a ransom note in the form of a text or HTML file, which asks the victim to get in touch with the criminals via email or make a payment to a specific Bitcoin wallet. Malware experts strongly advise computer users to refrain from paying any ransoms associated with threats like the Jokeroo Ransomware, since paying these ransoms allows the criminals to continue developing these threats and financing their activities, and does not guarantee in any way that the victim will restore any of the compromised data. In fact, making a payment and contacting the criminals may put the victim at risk for additional hoaxes and infections.
Protecting Your Data from the Jokeroo Ransomware
The best protection against threats like the Jokeroo Ransomware is to be proactive by taking preventive steps such as having backup copies of your files, which should be stored on independent devices or in the cloud. After a Jokeroo Ransomware infection, the victims can simply restore the compromised data from a backup, removing any leverage that the criminals may have in this attack.