
Junior Ransomware

By GoldSparrow in Ransomware

At the beginning of August 2019, cybersecurity experts uncovered a new ransomware threat. This threat goes by the name Junior Ransomware, and when studied, it was revealed to be a variant of the Cryakl Ransomware.

Propagation and Encryption

The propagation method used to spread the Junior Ransomware has not yet been disclosed. However, it is very likely that spam emails containing corrupted attachments, bogus application updates, and pirated variants of legitimate software are among the infection vectors used by the creators of the Junior Ransomware. When the Junior Ransomware compromises a computer, it performs a scan to locate all the files that will be marked for encryption. Next, the Junior Ransomware starts the encryption process. Once the Junior Ransomware locks a file, it changes the filename by appending a '.[id-].[mr.yoba@aol.com].junior' extension to it. For example, a file named 'No-War.jpg' will be renamed to 'No-War.jpg.[id-].[mr.yoba@aol.com].junior'.

The Ransom Note

In the next step of the attack, the Junior Ransomware will drop a ransom note named '%= RETURN FILES =&.html,' which reads:

’ All your files was encrypted!
Paradise Team!
Ur personal ID
Your personal KEY

YOUR FILES HAS BEEN LOCKED!
All important data that was stored on this computer have been stolen due a security problem.
If you want to back them, just write to us by email,.
You have to pay in Bitcoins.
After payment we will send you the software for decrypt that will back all your files.
DO YOU NEED A PROOF?
Before payment you can send us 1-3 files , and we back you restored files for free.
File size should not exceed 1MB.
Please note that files must NOT contain valuable information.
HOW TO PAY
We accept payments in bitcoins, but you do not need to be able to use bitcoins.
You do not need a bitcoin wallet.
I will explain how you can pay using ANY currency in any way convenient to you.
Communication
Email: mr.yoba@aol.com
or
Email: mr.yoba@aol.com
Nix!
Do not rename files
Do not try to back your data using third-party software, it may cause permanent data loss(If you do not believe us, and still try to – make copies of all files so that we can help you if third-party software harms them)
As evidence, we can for free back one file
Decoders of other users is not suitable to back your files – encryption key is created on your computer when the program is launched – it is unique.’

The authors of the Junior Ransomware do not mention the ransom fee that will be demanded from the victim. They offer to unlock 1-3 files for free, as long as they are no larger than 1MB, as proof that they have a functioning decryption key. The authors of the Junior Ransomware have given out an email address where they expect to be contacted for further instructions – 'mr.yoba@aol.com.'

Resist any urge to contact the cybercriminals responsible for the Junior Ransomware. Instead, obtain a reputable anti-virus software suite, which will remove the Junior Ransomware from your computer safely and swiftly.
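The renamed-file suffix and the ransom note name described above are enough to scope which folders on a disk were hit. The following Python is an added example, not part of the original article: the regular expression assumes that a per-victim ID (elided in the article) may follow 'id-', and the sample paths are constructed.

```python
import os
import re
from collections import defaultdict
from pathlib import PureWindowsPath

NOTE_NAME = "%= RETURN FILES =&.html"   # ransom note name from the article
CONTACT = "mr.yoba@aol.com"             # contact address embedded in the suffix

# Assumption: a per-victim ID (elided in the article) may follow "id-" and
# never contains "]"; an empty ID matches the article's literal example.
RENAMED = re.compile(
    r"^(?P<original>.+)\.\[id-(?P<vid>[^\]]*)\]\.\[" + re.escape(CONTACT) + r"\]\.junior$",
    re.IGNORECASE,
)

def triage(paths):
    """Group indicator hits by directory so responders can scope the damage."""
    report = defaultdict(lambda: {"note": False, "encrypted": []})
    for raw in paths:
        p = PureWindowsPath(raw)
        m = RENAMED.match(p.name)
        if m:
            # Record the pre-encryption filename for backup matching.
            report[str(p.parent)]["encrypted"].append(m.group("original"))
        elif p.name.lower() == NOTE_NAME.lower():
            report[str(p.parent)]["note"] = True
    return dict(report)

def walk(root):
    """Yield every file path under root (for running against a mounted image)."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(folder, name)

# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"C:\Users\a\Pictures\No-War.jpg.[id-].[mr.yoba@aol.com].junior",
    r"C:\Users\a\Pictures\%= RETURN FILES =&.html",
    r"C:\Users\a\Pictures\holiday.jpg",
    r"C:\Users\a\Docs\budget.xlsx.[id-CONSTRUCTED].[mr.yoba@aol.com].junior",
    r"C:\Users\a\Docs\notes.junior",    # a lone ".junior" suffix is not a match
]

if __name__ == "__main__":
    for folder, hit in triage(SAMPLE).items():
        print(folder, "note" if hit["note"] else "no note", hit["encrypted"])
```

Passing `walk(root)` to `triage` runs the same check over a mounted disk image or a file share instead of the sample list.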
