juwon Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: January 21, 2019
Last Seen: March 6, 2020
OS(es) Affected: Windows

The juwon Ransomware is distributed mainly through spam email messages, which often carry file attachments in the form of corrupted Microsoft Word files. These attachments install the juwon Ransomware onto the victim's computer. The purpose of the juwon Ransomware attack is to take over the victim's computer, using a strong encryption algorithm to make the victim's files inaccessible and then demanding a ransom for the decryption key needed to restore the affected data.

How the juwon Ransomware Attacks a Computer

There are signs that the juwon Ransomware is still under development: the versions intercepted by PC security researchers show an evolution in capabilities from one version to the next. For example, the juwon Ransomware's early versions were incapable of encrypting victims' data. The juwon Ransomware uses AES-256 encryption to make the victim's files inaccessible, targeting user-generated files, which may include files with the following extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The juwon Ransomware's Ransom Demand

After encrypting the victim's files, the juwon Ransomware displays its ransom note in the form of a program window with the following message:

Sorry. The computer is encrypted by a military level algorithm by
jw ransomware and can not be accessed. To recover you must enter
your password or purchase a decryptor. The moment you cclose this program,
your computer will be a fool. Seojuwon is a computer genious. Faiure to
enter the password within 24 hours will destroy the computer. Typing
juwon will display a password hint. And when you give up, your computer
is instantly destroyed.
Bit coin address [random characters] [copy|BUTTON]
[Tor browser|BUTTON] select the bit coin address, then press the cpoy button
password [TEXT BOX] [enter|BUTTON]
Payment Method: Purchase Bitcoin 1- and send it to this address, or buy the coucher and send the code to'

The ransom of 10 Bitcoin, more than 35,000 USD at the current exchange rate, is entirely unreasonable for an attack of this type, and it is very unlikely that the criminals intend to allow the victims to recover their data. Because of this, it is essential that computer users protect their data from threats like the juwon Ransomware with a security program that is always kept updated, and by keeping backup copies of all data and storing these backups on the cloud or an external memory device.

