
JungleSec Ransomware

By GoldSparrow in Ransomware

PC security researchers first observed the JungleSec Ransomware, an encryption ransomware Trojan, on June 19, 2018. The JungleSec Ransomware is a variant of HiddenTear, an open source encryption ransomware platform released in 2015. HiddenTear was originally meant for educational purposes, but criminals easily adapted it to carry out harmful attacks, resulting in countless variants of this threat being used against computer users all over the world.

How the JungleSec Ransomware Attacks a Computer

The JungleSec Ransomware's initial installation tends to come from a spam email attachment. These spam emails use misleading language and corrupted macro scripts to download and install threats onto the victim's computer. The JungleSec Ransomware uses AES-256 encryption to make the victim's files inaccessible, essentially taking them hostage. It targets a wide variety of user-generated files, which may include numerous document and media types, as well as other commonly used files. The file extensions that may be targeted in attacks like the JungleSec Ransomware include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The JungleSec Ransomware marks the victim's files by adding the file extension '.jungle@anonymousspechcom' to the names of the affected files. Once the JungleSec Ransomware corrupts the files, they are no longer accessible and show up as blank icons in Windows Explorer.

The JungleSec Ransomware's Ransom Demand

The JungleSec Ransomware delivers a ransom note named 'ENCRYPTED.m,' which will be dropped in the affected computer's desktop directory. The full text of the JungleSec Ransomware ransom note reads:

'What happened to my data?
-----------------------
Your data are encrypted. If you try to bruteforce, change the path, the name or do anything that can alterate a single byte of a file(s) will result
to a fail of the recovery process, meaning your file(s) will be loss for good.

How can I retrieve them?
-------------------------
- To known the process, you must first send 0.3 bitcoin to the following address: 1Jj129L3SYjMs9X2F9xMSYZicCPbKrAZmC
- Once the payment made, send your email address to junglesec@anonymousspeech[.]com, do not forget to mention the IP of server/computer

Will you send the process recovery once payment is made?
--------------------------------------------------------
- We have no interest to not send you the recovery process if payment was made.
- Once the payment is made, you should receive the recovery process to decrypt your data in less 24 hours'

The JungleSec Ransomware's ransom amount is close to 2000 USD, to be paid in Bitcoin. Malware experts advise computer users to avoid paying this ransom amount or using the contact email provided to contact the criminals responsible for the attack. Instead of doing this, computer users should use a trustworthy security program that is fully up-to-date to protect their computers and take special caution when dealing with spam emails and spam email attachments. The best protection against threats like the JungleSec Ransomware, however, is to have file backups stored on external devices. This enables computer users to restore their files after the JungleSec Ransomware has compromised them.
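The following is an added example, not part of the original article: it uses the two indicators described above (the appended file extension and the 'ENCRYPTED.m' note) to list affected files and check which of them have a copy in a backup tree. The function names, the directory layout and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Indicators copied from this page; adjust them if your sample differs.
MARKER_EXT = ".jungle@anonymousspechcom"
NOTE_NAME = "ENCRYPTED.m"

def find_affected(root):
    """Return (affected, notes); affected maps original relative path -> marked path."""
    affected, notes = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            low = name.lower()
            # The marker is appended, so the original name is everything before it.
            if low.endswith(MARKER_EXT) and len(name) > len(MARKER_EXT):
                original = os.path.join(dirpath, name[: -len(MARKER_EXT)])
                affected[os.path.relpath(original, root)] = full
            elif low == NOTE_NAME.lower():
                notes.append(full)
    return affected, notes

def restore_plan(root, backup_root):
    """Split affected files into those with a backup copy and those without."""
    affected, notes = find_affected(root)
    restorable, missing = {}, []
    for rel in sorted(affected):
        candidate = os.path.join(backup_root, rel)
        if os.path.isfile(candidate):
            restorable[rel] = candidate
        else:
            missing.append(rel)
    return {"notes": notes, "restorable": restorable, "missing": missing}

def build_demo(base):
    """Constructed sample tree: two marked files, one note, one backup copy."""
    live, backup = os.path.join(base, "live"), os.path.join(base, "backup")
    for rel in ("docs/report.docx" + MARKER_EXT, "docs/notes.txt" + MARKER_EXT,
                "Desktop/" + NOTE_NAME, "docs/untouched.pdf"):
        path = os.path.join(live, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
    os.makedirs(os.path.join(backup, "docs"))
    open(os.path.join(backup, "docs", "report.docx"), "wb").close()
    return live, backup

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(restore_plan(*build_demo(tmp)))
```

The "missing" list is the set of files for which no backup copy was found under the same relative path.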
