The Joker Ransomware is a variant belonging to the VoidCrypt malware family. Even though the threat doesn't appear to exhibit any meaningful improvements over the other variants from the VoidCrypt Ransomware family, it is still capable of causing significant damage to the infected systems. Victims will be left unable to access most of the documents, PDFs, photos, images, archives, databases, and other file types stored on the breached devices.
When the Joker Ransomware encrypts a file, it also changes that file's original name drastically. It first appends an ID string that is generated specifically for each victim, then an email address controlled by its operators, 'email@example.com', and finally a new file extension, '.Joker'. Victims are left with two identical ransom notes. One is shown as a pop-up window created from a file named 'Decryption-Guide.HTA', while the other is delivered as a text file named 'Decryption-Guide.txt'.
According to the ransom-demanding messages of the Joker Ransomware, victims must locate a specific key file on the infected device and send it to the cybercriminals. This file is supposed to be in the C:/ProgramData folder, and without its data none of the encrypted files can be restored. The ransom note also provides a secondary email address, 'firstname.lastname@example.org@mailfence.com', that could be used for communication.
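The file-name indicators described above (the '.Joker' extension, the two ransom note names and the key file in C:/ProgramData) are enough to triage a file listing taken from an affected host. The following Python is an added example, not code from the original article; the key-file name pattern is an assumption generalised from the two example names in the ransom note, and the sample paths are constructed.

```python
import re
from pathlib import PureWindowsPath

# Indicators from the description above; Windows names compare case-insensitively.
ENCRYPTED_EXT = ".joker"
NOTE_NAMES = {"decryption-guide.hta", "decryption-guide.txt"}
# Assumption: key files sit directly in C:/ProgramData and start with "RSAKEY",
# generalised from the two example names quoted in the ransom note.
KEY_DIR = PureWindowsPath("C:/ProgramData")
KEY_NAME = re.compile(r"^rsakey([-.].*)?$", re.IGNORECASE)

def classify(path_str):
    """Return 'ransom_note', 'key_file', 'encrypted' or None for one path."""
    path = PureWindowsPath(path_str)
    name = path.name.lower()
    if name in NOTE_NAMES:
        return "ransom_note"
    if path.parent == KEY_DIR and KEY_NAME.match(name):
        return "key_file"
    if path.suffix.lower() == ENCRYPTED_EXT:
        return "encrypted"
    return None

def triage(paths):
    """Group a listing by indicator type; also return the affected folders."""
    report = {"ransom_note": [], "key_file": [], "encrypted": []}
    for p in paths:
        kind = classify(p)
        if kind:
            report[kind].append(p)
    folders = sorted({str(PureWindowsPath(p).parent) for p in report["encrypted"]})
    return report, folders

# Constructed listing; the ID and separators in the renamed file are made up.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.CONSTRUCTED-ID.email@example.com.Joker",
    r"C:\Users\alice\Documents\Decryption-Guide.txt",
    r"C:\Users\alice\Desktop\Decryption-Guide.HTA",
    r"C:\ProgramData\RSAKEY-SE-24r6t523",
    r"C:\Users\alice\Documents\notes.txt",
]

if __name__ == "__main__":
    report, folders = triage(SAMPLE)
    print(report, folders)
```

Key-file hits matter most for recovery: as described above, the encrypted files cannot be restored without that file's data, so it should be copied off the host before any reinstall.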
The full text of the Joker Ransomware's notes is:
'Your Files Are Has Been Locked
Your Files Has Been Encrypted with cryptography Algorithm
If You Need Your Files And They are Important to You, Dont be shy Send Me an Email
Send Test File + The Key File on Your System (File Exist in C:/ProgramData example : RSAKEY-SE-24r6t523 pr RSAKEY.KEY) to Make Sure Your Files Can be Restored
Make an Agreement on Price with me and Pay
Get Decryption Tool + RSA Key AND Instruction For Decryption Process
1- Do Not Rename or Modify The Files (You May loose That file)
2- Do Not Try To Use 3rd Party Apps or Recovery Tools ( if You want to do that make an copy from Files and try on them and Waste Your time )
3-Do not Reinstall Operation System(Windows) You may loose the key File and Loose Your Files
4-Do Not Always Trust to Middle mans and negotiators (some of them are good but some of them agree on 4000usd for example and Asked 10000usd From Client) this Was happened
Your Case ID :
OUR Email :email@example.com
in Case of no answer: firstname.lastname@example.org'