Jack Ransomware
The Jack Ransomware is the latest in a long-running line of ransomware clones. The Jack Ransomware belongs to the large families of Crysis/Dharma Ransomware offshoots. Crysis has been around for a number of years now and has gone through many iterations. The same is true for Dharma - there have been countless, different builds and tweaks of the threat's code. This means that even though very early versions of Crysis have decryption tools available for them, the current ones, including the Jack ransomware, do not.
The Jack Ransomware does very little to set itself apart from older versions. It changes the extension of the encrypted files, appending a long string to scrambled files. Thus a file that was originally named "beach.jpg" will become "beach.jpg-id-[victim id].[lockhelp@qq.com].jack."
The email used in the ransom note has been changed as well, as is customary with new spinoffs of existing ransomware threats. The bad actors behind the Jack Ransomware decided to use "lockhelp at qq.com" in this instance. The ransom note the Jack ransomware uses does not list a specific ransom sum, and the victims are supposed to contact the bad actors and receive a personalized ransom demand.
Again, there is no available decryptor for this new iteration of Crysis/Dharma, and the Jack ransomware remains a serious threat, even if it's a rework of a known and researched threat.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.