juwon Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 3 |
| First Seen: | January 21, 2019 |
| Last Seen: | March 6, 2020 |
| OS(es) Affected: | Windows |
The juwon Ransomware is distributed through spam email messages mainly, often containing file attachments in the form of corrupted Microsoft Word files. The juwon Ransomware will be installed onto the victim's computer by these attachments. The purpose of the juwon Ransomware attack is to take over the victim's computer, using a strong encryption algorithm to make the victim's files inaccessible and then demanding a ransom for the decryption key needed to restore the affected data.
How the juwon Ransomware Attacks a Computer
There are signs that the juwon Ransomware is still under development, and versions of the juwon Ransomware that have been intercepted by PC security researchers have shown an evolution in their capabilities from one version to the other. For example, the juwon Ransomware's early versions were incapable of encrypting victims' data. The juwon Ransomware uses the AES 256 encryption to make the victim's files inaccessible, targeting the user-generated files, which may include the files with the following file extensions:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The juwon Ransomware's Ransom Demand
The juwon Ransomware will display a ransom note after encrypting the victim's files The juwon Ransomware displays its ransom note in the form of a program window with the following message:
'Explanation
Sorry. The computer is encrypted by a military level algorithm by
jw ransomware and can not be accessed. To recover you must enter
your password or purchase a decryptor. The moment you cclose this program,
your computer will be a fool. Seojuwon is a computer genious. Faiure to
enter the password within 24 hours will destroy the computer. Typing
juwon will display a password hint. And when you give up, your computer
is instantly destroyed.
Bit coin address [random characters] [copy|BUTTON]
[Tor browser|BUTTON] select the bit coin address, then press the cpoy button
password [TEXT BOX] [enter|BUTTON]
Payment Method: Purchase Bitcoin 1- and send it to this address, or buy the coucher and send the code to seojuwon0622@gmail.com'
The ransom of 10 Bitcoin, more than 35,000 USD at the current exchange rate, is unreasonable entirely for an attack of this type and it is very unlikely that the criminals have the intention of allowing the victims to recover their data. Because of this, it is essential that computer users protect their data from threats like the juwon Ransomware with the help of a security program that should always be updated and by having backup copies of all data and storing these backups on the cloud or an external memory device.
