'.jes File Extension' Ransomware

By GoldSparrow in Ransomware

The '.jes File Extension' Ransomware is a ransomware Trojan that belongs to a large family of ransomware Trojans derived from a threat known as Jigsaw, which was initially branded after the Saw movie franchise. The '.jes File Extension' Ransomware was first observed on March 6, 2018, and seems to target computer users in Spanish-speaking regions. It is distributed through corrupted spam email messages that impersonate companies commonly associated with the geographical regions targeted by the attack. As a threat in itself, there is very little to differentiate the '.jes File Extension' Ransomware from other encryption ransomware Trojans that use a similar attack. At its core, the '.jes File Extension' Ransomware is designed to encrypt the victim's files, making them inaccessible, and then demand a ransom payment from the victim to, supposedly, restore access to the affected files.

Symptoms of a '.jes File Extension' Ransomware Attack

The '.jes File Extension' Ransomware will use a strong encryption algorithm to make the victim's files inaccessible and then will mark files encrypted by the attack with the file extension '.jes' to make it clear which files will no longer be accessible on the infected computer. The following are examples of the files that may be targeted by ransomware attacks like the '.jes File Extension' Ransomware:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Once the victim's files have been encrypted, the '.jes File Extension' Ransomware delivers a ransom notification written entirely in Spanish. The note uses a threatening tone, claiming that the victim's files will be deleted exponentially until the victim contacts the people behind the attack. The following is the '.jes File Extension' Ransomware ransom note:

'Hola Cycsas, este es un Ransomware REAL que ha sido modificado para fines explicativos...
Entonces comienza el mensaje que normalmente deberia ser reproducio:
Your personal files are being deleted Your photos, videos, documents, etc...
However I've already encrypted your personal files so you cannot access them.
Every hour I select some of them to delete permanently,
therefore I won't be able to access them either.
Are you familiar with the concept of exponential growth? Let me help you out.
It starts out slowly then increases rapidly.
During the first 24 hour you will only lose few files,
the second day a few hundred, the third day a few thousand, and so on.
If you turn off your computer and try to close me, when I start next time
you will get 1000 files deleted as a punishment.
Yes, you will get 1000 files deleted as a punishment.
Yes you will want me to start next time, since I am the only one that
is capable to decrypt your personal data for you.
Now let's start and enjoy out little challenger together'

Dealing with the '.jes File Extension' Ransomware

The '.jes File Extension' Ransomware uses imagery associated with the Lovecraft universe in its ransom note. Fortunately, the threats from the Jigsaw family have been cracked, and decryptors are available for other variants in this family. PC security researchers advise computer users to attempt to use these decryption programs to recover access to the files compromised by the '.jes File Extension' Ransomware attack after using an updated security program to remove the Trojan itself.
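Before running a decryptor, it helps to know how many files carry the '.jes' marker and which original file types they were. The following inventory script is an added example, not code from the article or from any decryptor project; it assumes the marker is appended to the original file name (the article does not say whether it is appended or substituted), and the sample tree it builds is constructed placeholder data.

```python
import os
import tempfile
from collections import Counter

MARKER = ".jes"  # marker extension named in the article


def inventory_marked_files(root, marker=MARKER):
    """Walk root and summarize files that carry the marker extension.

    Assumption: the marker is appended (report.docx -> report.docx.jes),
    so the original type is the extension left after stripping it.
    """
    by_type, paths, total_bytes = Counter(), [], 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(marker):
                continue
            full = os.path.join(dirpath, name)
            original = name[: -len(marker)]
            ext = os.path.splitext(original)[1].lower() or "(none)"
            by_type[ext] += 1
            paths.append(full)
            try:
                total_bytes += os.path.getsize(full)
            except OSError:
                pass  # unreadable or vanished file: listed, size unknown
    return {"count": len(paths), "bytes": total_bytes,
            "by_type": dict(by_type), "paths": sorted(paths)}


def build_sample_tree(root):
    """Constructed sample data: harmless placeholder files only."""
    samples = [("docs/report.docx.jes", 10), ("docs/budget.xlsx.jes", 20),
               ("photo.JPG.JES", 5), ("notes.txt", 7)]
    for rel, size in samples:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"x" * size)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        summary = inventory_marked_files(tmp)
        print(f"{summary['count']} marked files, {summary['bytes']} bytes")
        for ext, n in sorted(summary["by_type"].items()):
            print(f"  {ext}: {n}")
```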