Junior Ransomware

Junior Ransomware Description

At the beginning of August 2019, cybersecurity experts uncovered a new ransomware threat. This threat goes by the name Junior Ransomware, and when studied, it revealed to be a variant of the Cryakl Ransomware.

Propagation and Encryption

It has not yet been disclosed what the propagation method applied in the spreading of the Junior Ransomware is. However, it is very likely that spam emails containing corrupted attachments, bogus application updates, and pirated variants of legitimate software may be among the infection vectors used by the creators of the Junior Ransomware. When the Junior Ransomware compromises a computer, it perform a scan whose purpose is to locate all the files, which will be marked for encryption. Next, the Junior Ransomware will start the encryption process. Once the Junior Ransomware locks a file, it will change its filename by adding a '.[id-].[mr.yoba@aol.com].junior’ extension at the end of it. For example, a file, which is named 'No-War.jpg,' will be renamed to 'No-War.jpg.[id-].[mr.yoba@aol.com].junior.’

The Ransom Note

In the next step of the attack, the Junior Ransomware will drop a ransom note named '%= RETURN FILES =&.html,' which reads:

’ All your files was encrypted!
Paradise Team!
Ur personal ID
Your personal KEY

All important data that was stored on this computer have been stolen due a security problem.
If you want to back them, just write to us by email,.
You have to pay in Bitcoins.
After payment we will send you the software for decrypt that will back all your files.
Before payment you can send us 1-3 files , and we back you restored files for free.
File size should not exceed 1MB.
Please note that files must NOT contain valuable information.
We accept payments in bitcoins, but you do not need to be able to use bitcoins.
You do not need a bitcoin wallet.
I will explain how you can pay using ANY currency in any way convenient to you.
Email: mr.yoba@aol.com
Email: mr.yoba@aol.com
Do not rename files
Do not try to back your data using third-party software, it may cause permanent data loss(If you do not believe us, and still try to – make copies of all files so that we can help you if third-party software harms them)
As evidence, we can for free back one file
Decoders of other users is not suitable to back your files – encryption key is created on your computer when the program is launched – it is unique.’

The authors of the Junior Ransomware do not mention the ransom fee that will be demanded from the victim. They offer to unlock 1-3 files for free, as long as they are no larger than 1MB, as proof that they have a functioning decryption key. The authors of the Junior Ransomware given out an email address where they expect to be contacted for further instructions – 'mr.yoba@aol.com.'

Resist any urge to contact the cybercriminals responsible for the Junior Ransomware. Instead, obtain a reputable anti-virus software suite, which will remove the Junior Ransomware from your computer safely and swiftly.

Do You Suspect Your PC May Be Infected with Junior Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Junior Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.