Cybersecurity experts have uncovered a ransomware strain known as Jron. Further investigation has revealed that Jron encrypts data and alters file names. Jron appends a unique victim ID, the 'firstname.lastname@example.org' email address, and the '.jron' extension to filenames, resulting in files such as '1.png.id-9ECFA84E.[email@example.com].jron' and '2.doc.id-9ECFA84E.[firstname.lastname@example.org].jron'. In addition to encrypting and renaming files, Jron displays a pop-up window and creates a text file, 'info.txt', containing ransom demands. The threat has been confirmed to be a variant of the Dharma Ransomware family.
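For responders scoping an incident, the naming scheme described above can be matched directly. The following is an added example, not part of the original article: it parses names of the form '<original>.id-<ID>.[<contact>].jron' from a file listing, groups the original paths by victim ID, and records directories that hold 'info.txt'. The 8-hex-digit ID length is assumed from the sample ID on the page; the sample paths, the placeholder contact address and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Naming scheme from the article: <original name>.id-<victim ID>.[<contact email>].jron
# Assumption: the victim ID is 8 hex characters, as in the page's sample '9ECFA84E'.
JRON_NAME = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-F]{8})\.\[(?P<contact>[^\]]+)\]\.jron$",
    re.IGNORECASE,
)
NOTE_NAME = "info.txt"  # ransom note file named in the article


def parse_jron_name(filename):
    """Return original name, victim ID and contact for a renamed file, else None."""
    m = JRON_NAME.match(filename)
    if not m:
        return None
    return {"original": m["original"], "victim_id": m["victim_id"].upper(), "contact": m["contact"]}


def triage(paths):
    """Group pre-encryption paths by victim ID and list directories containing the note."""
    by_id = defaultdict(list)
    note_dirs = set()
    for path in paths:
        directory, _, name = path.replace("\\", "/").rpartition("/")
        if name.lower() == NOTE_NAME:
            note_dirs.add(directory)
            continue
        hit = parse_jron_name(name)
        if hit:
            original = f"{directory}/{hit['original']}" if directory else hit["original"]
            by_id[hit["victim_id"]].append(original)
    return {"encrypted": dict(by_id), "note_dirs": sorted(note_dirs)}


# Constructed sample listing (not from a real host); the contact address is a placeholder.
SAMPLE = [
    r"C:\Users\alice\Pictures\1.png.id-9ECFA84E.[contact@placeholder.invalid].jron",
    r"C:\Users\alice\Documents\2.doc.id-9ECFA84E.[contact@placeholder.invalid].jron",
    r"C:\Users\alice\Documents\info.txt",
    r"C:\Users\alice\Documents\notes.id-card.txt",  # benign look-alike, must not match
    r"C:\Users\alice\Desktop\report.jron",          # extension only, no ID/contact block
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for victim_id, files in result["encrypted"].items():
        print(f"victim ID {victim_id}: {len(files)} encrypted file(s): {files}")
    print("ransom note found in:", result["note_dirs"])
```

Because 'info.txt' is a common file name, a note hit is only meaningful alongside renamed files in the same listing.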
The Jron Ransomware Demands a Ransom in Bitcoin
The ransom note informs victims that the files on their computers have been encrypted and that the attackers demand a ransom to restore them. It contains specific instructions on how to contact the attackers via email, and the victim must include the unique ID provided in the message to start the restoration process.
The threat actors offer free decryption of up to three files, subject to limitations on file size and data type. Victims who want more files decrypted will need to pay a ransom. Jron Ransomware's note also includes information on how to purchase Bitcoin, a cryptocurrency that is often used in ransomware attacks, to pay the ransom.
The attackers warn the victims not to try to rename or decrypt the files using third-party software because this could lead to permanent data loss or increased fees.
Preventive Measures are the Best Course of Action When Dealing with Threats Like the Jron Ransomware
Ransomware attacks can be devastating to individuals and organizations alike. The best preventive measures to stop or mitigate the damage caused by ransomware attacks involve taking a multi-layered approach to security. This approach should include a combination of technical and non-technical measures.
First and foremost, regular backups of important data should be made and stored in a secure location. This ensures that even if ransomware encrypts the original data, it can still be restored from the backup. Backups should be regularly tested to ensure their integrity and availability.
Secondly, user education and training are essential. Employees must be trained to identify and avoid phishing emails, and taught not to click on suspicious links or download attachments from unknown sources. Regular security awareness training should be provided to all employees to ensure they are up-to-date with the latest security best practices.
Thirdly, network security must be robust, with firewalls, anti-malware software, and intrusion detection and prevention systems (IDPS) in place to prevent and detect attacks. Regular software updates and patches must be applied to all software and operating systems, and access controls should be implemented to prevent unauthorized access to sensitive data.
Overall, a multi-layered approach to security involving backups, user education and training, network security, and incident response plans is the best way to prevent or mitigate the damage caused by ransomware attacks.
The full text of Jron Ransomware's demands displayed in a pop-up window is:
'All your files have been encrypted!
Don't worry, you can return all your files!
If you want to restore them, write to the mail: email@example.com (firstname.lastname@example.org) YOUR ID -
If you have not answered by mail within 12 hours, write to us by another mail:email@example.com
qTOX chat download link:
qTOX chat ID: 67BFA5C82CA08CDD82A2DC14C2A521EA 4FF73E387CF79121B60450808F81395E51807A493878
Free decryption as guarantee:
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 3Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins:
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
Also you can find other places to buy Bitcoins and beginners guide here:
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
The text file created by the threat delivers the following message:
You want to return?
write email firstname.lastname@example.org or email@example.com or firstname.lastname@example.org or email@example.com/