Malware researchers have spotted a new data-locking Trojan dubbed the Josephnull Ransomware. The goal of this Trojan is to sneak into your PC, use an encryption algorithm to lock your data, and then extort you for money.

Propagation and Encryption

The exact infection vector used by the creators of the Josephnull Ransomware is not known. It is likely that they have used fake emails to distribute this nasty Trojan. The targeted users would receive a bogus email that would contain either a macro-laced attachment or a malicious link. However, the authors of the Josephnull Ransomware may have opted to use malvertising, torrent trackers, fake application updates, fraudulent social media profiles, etc.

The Josephnull Ransomware is likely to target .jpeg, .jpg, .png, .gif, .svg, .ppt, .pptx, .xlsx, .xls, .doc, .docx, .txt, .pdf, .mp3, .midi, .mid, .aac, .mp4, .mov, and .webm files, among many others. Once the Josephnull Ransomware encrypts a file, it also modifies its filename by adding a '.crypted' extension. This means that a file that you originally named 'empty-streets.pdf' will be renamed to 'empty-streets.pdf.crypted' after the encryption process has been completed.

The Ransom Note

In the next step of the attack, the Josephnull Ransomware drops two files on the user's system. The files contain the attackers' ransom message. The two files are named 'HOW_TO_DECYPHER_FILES.hta' and 'HOW_TO_DECYPHER_FILES.txt'. In addition to this, the Josephnull Ransomware changes the victim's wallpaper in order to display yet another copy of the ransom note. The ransom note displays a skull with glowing eyes at the top of the window and a ransom message written in red font. The authors of the Josephnull Ransomware demand to be paid $20,000 in Bitcoin as a ransom fee. The attackers give a 48-hour deadline and warn users that if they fail to meet it, their data will be lost. There are two email addresses provided – ‘' and ‘'
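The '.crypted' suffix and the two ransom note filenames described above can be used to measure how far an infection has spread on a disk or file share. The following triage script is an added example, not code from the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the write-up above.
MARKER = ".crypted"
NOTE_NAMES = {"how_to_decypher_files.hta", "how_to_decypher_files.txt"}

def triage(root):
    """Walk root and return (ransom_notes, locked, by_type).

    locked maps each renamed file to the name it had before '.crypted'
    was appended; by_type counts locked files per original extension.
    """
    notes, locked, by_type = [], {}, Counter()
    # Unreadable directories are skipped rather than aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower in NOTE_NAMES:
                notes.append(path)
            elif lower.endswith(MARKER) and len(name) > len(MARKER):
                original = name[: -len(MARKER)]
                locked[path] = original
                by_type[Path(original).suffix.lower() or "(none)"] += 1
    return sorted(notes), locked, by_type

def demo():
    """Build a constructed sample tree (empty placeholder files) and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp) / "Documents"
        docs.mkdir()
        for name in ("empty-streets.pdf.crypted", "budget.xlsx.crypted",
                     "notes.txt", "HOW_TO_DECYPHER_FILES.txt",
                     "HOW_TO_DECYPHER_FILES.hta"):
            (docs / name).touch()
        notes, locked, by_type = triage(tmp)
        return ([p.name for p in notes], sorted(locked.values()), dict(by_type))

if __name__ == "__main__":
    note_names, originals, by_type = demo()
    print("ransom notes:", note_names)
    print("locked files (original names):", originals)
    print("by original type:", by_type)
```

The list of original names doubles as a restore checklist when recovering the affected files from backups.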

It is best to ignore the demands of the Josephnull Ransomware's creators. Instead of wasting your money, you should consider downloading and installing a genuine, up-to-date antivirus software suite that will quickly remove the Josephnull Ransomware from your computer.


