
ChinaJm Ransomware

Posted: August 6, 2020

The ChinaJm Ransomware is a file-locking Trojan that isn't part of a Ransomware-as-a-Service, although it borrows some code from older Trojans. The ChinaJm Ransomware attacks Windows environments with a data-encrypting feature that holds files for ransom. Affected users should rely on properly stored backups for recovery and let their anti-malware products disinfect their systems and remove the ChinaJm Ransomware.

Asian Trojans with Indiscriminate Attacks

Software recycling in the Trojan industry takes place on a small scale as well as on the larger scale of Ransomware-as-a-Service families. A threat with code similarities to the Pojie Ransomware, which targets Chinese-speaking victims, is being verified as a new variant. The ChinaJm Ransomware, the case under malware analysts' microscope, also borrows code from an even more obscure Trojan going by the name of Barack Obama's EBBV Ransomware.

Unlike the Pojie Ransomware, the ChinaJm Ransomware, despite its name's implications, uses English for delivering its ransom demands. Many of its other features are typical for a file-locking Trojan, such as being compatible with Windows, using RSA-secured AES for blocking media files, and adding part of its name to the files' extensions. Garbled characters in the title of its ransom note also suggest that the title might be written in Chinese characters even though the note's contents are in English.

A member of Intezer Labs also suggests that the ChinaJm Ransomware includes a cryptocurrency-mining function. Such features can cause hardware damage and performance problems while they're generating money for the attacker. However, malware researchers can't confirm this capability, although they see unmistakable evidence of the encryption that locks the user's pictures, documents, and other files.

Keeping the Chinese Black Market Out of Your Files

Unlike Barack Obama's EBBV Ransomware, the ChinaJm Ransomware uses a toned-down ransoming message in a Notepad TXT file instead of a graphical popup. Users should remain cautious about paying a ransom, which never guarantees a positive outcome for one's files. Malware experts recommend leaning on offsite, password-secured backups for all data recovery needs.

Initial investigation into the ChinaJm Ransomware also implies that the Trojan pretends to be a Chinese application as its distribution tactic. Although most large application stores include security protocols for countering illegal uploads, these protections are necessarily imperfect. Users can scan their downloads for threats, check reviews, and avoid smaller, lesser-known websites or torrents as download sources.

Most Windows machines will delete the ChinaJm Ransomware automatically with the help of any reputable anti-malware product. While the ChinaJm Ransomware includes a digital certificate for 'authenticity,' current verification issues with the signatures mean that up-to-date and reliable cyber-security products will recognize the threat.

Getting one's files locked with encryption is more than a Chinese phenomenon, but Trojans will go where populations and money accumulate. Whatever side of China's borders one is on, just having an internet-connected Windows computer is sufficient cause for fearing the ChinaJm Ransomware's attacks.
