Jwjs Ransomware
Jwjs Ransomware is a new data-locker, which targets regular users on the Web. Ransomware threats are one of the nastiest types of malware you can come across. If a file-locker infiltrates your computer, it will encrypt all your files and ask you to pay a ransom fee in exchange for a decryption key that is supposed to recover your data.
Propagation and Encryption
It is not exactly known how the Jwjs Ransomware is being propagated. It is likely that the attackers are using spam emails to spread this Trojan. The targeted users would receive an email that contains a fraudulent message, which is designed to either trick them into opening a malicious link or downloading a macro-laced attachment, which carries the payload of the Jwjs Ransomware. Some other popular distribution methods include fake social media posts, torrent trackers, bogus application updates, malvertising operations, etc. The Jwjs Ransomware targets documents, spreadsheets, presentations, databases, archives, images, audio files, videos, and many other filetypes. When the Jwjs Ransomware infiltrates your system, it will scan your data and begin encrypting your files. The Jwjs Ransomware would use an encryption algorithm to lock the targeted files. Upon locking a file, the Jwjs Ransomware adds a new extension to its name –' .id=.[recoryfile@tutanota.com].jwjs.' For example, a file named 'butter-cream.pdf' will be renamed to 'butter-cream.pdf.id=.[recoryfile@tutanota.com].jwjs.'
The Ransom Note
The Jwjs Ransomware drops a ransom note named 'ReadMe.txt.' In the ransom note, the attackers do not mention a specific ransom fee but make it clear that regardless of what the sum is, it should be paid in Bitcoin. The creators of the Jwjs Ransomware offer two email addresses where users can contact them – ‘recoryfile@tutanota.com' and ‘backfile99@protonmail.com.' The attackers are willing to decrypt up to five files for free, as long as they do not exceed 4Mb in size and do not contain any important information. The authors of this threat include instructions on how to obtain Bitcoin in order to pay the ransom fee.
It is not a good idea to cooperate with cybercriminals like the creators of the Jwjs Ransomware. You may not receive the decryption tool you need even if you follow the instructions of the attackers strictly and pay the fee demanded. This is why you should consider removing the Jwjs Ransomware from your system via a legitimate PC security tool.
