Junior Ransomware Description
At the beginning of August 2019, cybersecurity experts uncovered a new ransomware threat. This threat goes by the name Junior Ransomware, and when studied, it revealed to be a variant of the Cryakl Ransomware.
Propagation and Encryption
It has not yet been disclosed what the propagation method applied in the spreading of the Junior Ransomware is. However, it is very likely that spam emails containing corrupted attachments, bogus application updates, and pirated variants of legitimate software may be among the infection vectors used by the creators of the Junior Ransomware. When the Junior Ransomware compromises a computer, it perform a scan whose purpose is to locate all the files, which will be marked for encryption. Next, the Junior Ransomware will start the encryption process. Once the Junior Ransomware locks a file, it will change its filename by adding a '.[id-
The Ransom Note
In the next step of the attack, the Junior Ransomware will drop a ransom note named '%= RETURN FILES =&.html,' which reads:
’ All your files was encrypted!
Ur personal ID
Your personal KEY
YOUR FILES HAS BEEN LOCKED!
All important data that was stored on this computer have been stolen due a security problem.
If you want to back them, just write to us by email,.
You have to pay in Bitcoins.
After payment we will send you the software for decrypt that will back all your files.
DO YOU NEED A PROOF?
Before payment you can send us 1-3 files , and we back you restored files for free.
File size should not exceed 1MB.
Please note that files must NOT contain valuable information.
HOW TO PAY
We accept payments in bitcoins, but you do not need to be able to use bitcoins.
You do not need a bitcoin wallet.
I will explain how you can pay using ANY currency in any way convenient to you.
Do not rename files
Do not try to back your data using third-party software, it may cause permanent data loss(If you do not believe us, and still try to – make copies of all files so that we can help you if third-party software harms them)
As evidence, we can for free back one file
Decoders of other users is not suitable to back your files – encryption key is created on your computer when the program is launched – it is unique.’
The authors of the Junior Ransomware do not mention the ransom fee that will be demanded from the victim. They offer to unlock 1-3 files for free, as long as they are no larger than 1MB, as proof that they have a functioning decryption key. The authors of the Junior Ransomware given out an email address where they expect to be contacted for further instructions – 'email@example.com.'
Resist any urge to contact the cybercriminals responsible for the Junior Ransomware. Instead, obtain a reputable anti-virus software suite, which will remove the Junior Ransomware from your computer safely and swiftly.
Do You Suspect Your PC May Be Infected with Junior Ransomware & Other Threats? Scan Your PC with SpyHunterSpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Junior Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Security Doesn't Let You Download SpyHunter or Access the Internet?Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.