Home Malware Programs Ransomware Jack Ransomware

Jack Ransomware

Posted: May 15, 2019

The Jack Ransomware is the latest in a long-running line of ransomware clones. The Jack Ransomware belongs to the large families of Crysis/Dharma Ransomware offshoots. Crysis has been around for a number of years now and has gone through many iterations. The same is true for Dharma - there have been countless, different builds and tweaks of the threat's code. This means that even though very early versions of Crysis have decryption tools available for them, the current ones, including the Jack ransomware, do not.

The Jack Ransomware does very little to set itself apart from older versions. It changes the extension of the encrypted files, appending a long string to scrambled files. Thus a file that was originally named "beach.jpg" will become "beach.jpg-id-[victim id].[lockhelp@qq.com].jack."

The email used in the ransom note has been changed as well, as is customary with new spinoffs of existing ransomware threats. The bad actors behind the Jack Ransomware decided to use "lockhelp at qq.com" in this instance. The ransom note the Jack ransomware uses does not list a specific ransom sum, and the victims are supposed to contact the bad actors and receive a personalized ransom demand.

Again, there is no available decryptor for this new iteration of Crysis/Dharma, and the Jack ransomware remains a serious threat, even if it's a rework of a known and researched threat.

Related Posts

Loading...