J-Ransom Ransomware
Posted: July 4, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 8 |
| First Seen: | July 4, 2017 |
| OS(es) Affected: | Windows |
The J-Ransom Ransomware is a variant of the ZeroRansom Ransomware Trojan, which locks your files and creates text-based messages telling you to pay for the unlocking solution. This Trojan uses a slightly different encoding method from its ancestor and may require specialized software for decoding any media it blocks. Malware experts recommend investing in backups to keep decryption from becoming a necessity and having anti-malware products for deleting the J-Ransom Ransomware safely.
Trojans Starting Off Their Attacks on the Wrong Foot
While the mere act of encrypting data doesn't have to be very complex, threat actors can gain a great deal from investing in secure encoding methods that keep third parties from cracking the solutions. Not every family of threats, however, has this kind of work put into it. The J-Ransom Ransomware, a new Trojan deriving almost all of its code from the ZeroRansom Ransomware, is somewhat exceptional for being a worse version of the original Trojan.
The J-Ransom Ransomware and the ZeroRansom Ransomware both use AES-based encryption algorithms for locking a handful of data types, such as archives, documents and pictures. The J-Ransom Ransomware also appends a new extension ('.LoveYou') to the end of the locked files' names, along with using a slightly different name for its 'readme' ransoming message. Since the latter includes no details for how to pay the threat actor or make further negotiations, malware experts can only presume that the J-Ransom Ransomware is still being built, rather than ready for release into the wild.
This Trojan also uses C&C networking communications for handling its attack information, such as passing intelligence about the infection and encryption routine to its administrators. However, the J-Ransom Ransomware also displays a vital diverging detail from its ancestor: using the preset 'password' string for its password. The fact that this text is hard-coded into the J-Ransom Ransomware, along with its reuse of the initialization vector as a key, simplifies the data-unlocking process significantly.
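For scoping an incident that involves the '.LoveYou' extension described above, the following added example (not code from this article or from any vendor tool) inventories marked files, recovers their original names for a restore-from-backup list, and reports the modification-time window. The category-to-extension groupings and the function names are assumptions made for the illustration.

```python
import os
from collections import Counter

MARKER = ".loveyou"  # extension the article says is appended to locked files

# Assumed groupings for the data types the article names; extend as needed.
CATEGORIES = {
    "archives": {".zip", ".rar", ".7z"},
    "documents": {".doc", ".docx", ".pdf", ".txt", ".xls", ".xlsx"},
    "pictures": {".jpg", ".jpeg", ".png", ".bmp", ".gif"},
}


def classify(original_name):
    """Map a recovered original file name to one of the article's data types."""
    ext = os.path.splitext(original_name)[1].lower()
    return next((c for c, exts in CATEGORIES.items() if ext in exts), "other")


def inventory(root):
    """Summarise files under root that carry the appended marker extension.

    'window' is the (earliest, latest) modification time of the marked files,
    which bounds the encryption activity for an incident timeline.
    """
    restore, by_category, mtimes, total = [], Counter(), [], 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Case-insensitive match; ignore a file that is only the marker.
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue
            try:
                st = os.stat(os.path.join(dirpath, name))
            except OSError:
                continue  # file vanished or is unreadable; keep scanning
            original = name[: -len(MARKER)]
            restore.append(os.path.join(dirpath, original))
            by_category[classify(original)] += 1
            mtimes.append(st.st_mtime)
            total += st.st_size
    return {
        "restore_from_backup": sorted(restore),
        "by_category": dict(by_category),
        "bytes_affected": total,
        "window": (min(mtimes), max(mtimes)) if mtimes else None,
    }


if __name__ == "__main__":
    import sys
    print(inventory(sys.argv[1] if len(sys.argv) > 1 else "."))
```

The `restore_from_backup` list holds the pre-infection paths, so it can be fed directly to a backup tool's restore selection.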
Burning Love Letters from Incompetent Hackers
The J-Ransom Ransomware testifies to the great love con artists have for making unearned profits, even when their greed outstrips their competence at the crimes they're committing. Victims of the J-Ransom Ransomware can contact security researchers with experience in analyzing file-encrypting threats to recover their files, which this Trojan locks using highly insecure methods. However, updates to the J-Ransom Ransomware could change the above details, and malware analysts don't recommend depending on decryption for saving any valuable media, since decryption is sometimes unavailable for major families of Trojans.
Analyses of the J-Ransom Ransomware's ransoming details imply that its authors have yet to complete the Trojan and release it to any live targets. If they do finish the Trojan and launch its campaign, they could circulate it through several means, including HTML-loading exploit kits or e-mail attachments. Combining good Web-browsing habits with passive, anti-malware protection can eliminate most of these vulnerabilities and remove the J-Ransom Ransomware as soon as it intrudes on your system.
If all file-encoding threats were as limited as the J-Ransom Ransomware, their headlines in news media would be much smaller than they are. Even so, just as youths grow to adulthood, the J-Ransom Ransomware could be updated into a serious contender against Hidden Tear or the Jigsaw Ransomware, in time.