EncryptoJJS Ransomware
Posted: November 7, 2016
| Field | Value |
|---|---|
| Threat Level | 8/10 |
| Infected PCs | 21 |
| First Seen | November 7, 2016 |
| Last Seen | August 13, 2022 |
| OS(es) Affected | Windows |
The EncryptoJJS Ransomware is a file-encrypting Trojan that encrypts your image-based media with a cipher intended to block you from opening them. Accompanying symptoms of the EncryptoJJS Ransomware's attacks include Bitcoin ransom requests, in the form of Notepad text files, and new extensions appended to the names of all affected content. Instead of trusting con artists with your data recovery, you can protect your content with standard backup strategies and anti-malware tools for removing the EncryptoJJS Ransomware upon its detection.
The Threat that's Absconding with Your Photo Album
What kinds of information a threat actor targets in ransoming digital data is almost as important as how he chooses to implement that attack. Some threats target wide ranges of content, increasing the length of the payload's operation but also maximizing the harm done to the PC. For other threats, such as the EncryptoJJS Ransomware, the attack uses narrowly-defined prerequisites isolating very specific types of media.
The EncryptoJJS Ransomware is one of the few file-encrypting Trojans to date that malware analysts can verify as attacking image-based media exclusively. As with similar Trojans, the program scans for files by format, such as GIF, JPG, or BMP, and subjects them to an encryption routine. The EncryptoJJS Ransomware also renames them, adding the '.enc' extension after any preexisting extensions (the Trojan shares this tag with another threat, the CryptoHasYou Ransomware).
Once it guarantees that you can't view your pictures, the EncryptoJJS Ransomware creates a text file and places it on the desktop. This message includes instructions on accessing the Trojan's ransom infrastructure, which currently uses various Russian domains, including ioussite.ru and mymalicioussite.ru, that may be placeholders. The EncryptoJJS Ransomware uses an anonymous, Bitcoin-based payment process while offering to help you decrypt and recover your images.
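For gauging how many images such an attack touched, the renaming pattern described above (an image extension followed by '.enc') can be searched for directly and each hit checked against the original format's file signature. The Python script below is an added example, not code from the original article; the '.jpeg' alias, the status labels and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Signatures of the formats the article names; ".jpeg" is an added alias (assumption).
MAGIC = {".gif": (b"GIF87a", b"GIF89a"), ".jpg": (b"\xff\xd8\xff",),
         ".jpeg": (b"\xff\xd8\xff",), ".bmp": (b"BM",)}

def classify(path):
    """Return None unless path looks like <name>.<image ext>.enc, else a status."""
    stem, last = os.path.splitext(path)
    inner = os.path.splitext(stem)[1].lower()
    if last.lower() != ".enc" or inner not in MAGIC:
        return None
    with open(path, "rb") as fh:
        head = fh.read(8)
    # An intact signature means the header bytes are unchanged despite the .enc suffix.
    return "header-intact" if head.startswith(MAGIC[inner]) else "encrypted"

def triage(root):
    """Walk root and map each matching file path to its status."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            try:
                status = classify(full)
            except OSError:
                status = "unreadable"
            if status:
                report[full] = status
    return report

def demo():
    """Build a constructed sample tree and return statuses keyed by file name."""
    samples = {
        "holiday.jpg.enc": b"\x8a\x11\x5c\x02\x99\xe0\x41\x7f",  # constructed random-looking bytes
        "logo.gif.enc": b"GIF89a\x01\x00",  # constructed: header still a GIF
        "scan.bmp": b"BM\x36\x00\x00\x00",  # untouched image, no .enc suffix
        "notes.txt.enc": b"plain text",  # .enc on a non-image format
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(p): s for p, s in triage(root).items()}

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:14} {name}")
```

Pointing `triage()` at a user profile or file share gives a list to compare against backups before any restore is attempted.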
Slashing the Price Tag on a Second Look at Your Pictures
Although some victims may choose to risk paying a con artist in exchange for getting their files returned, this ransom process includes no legal or technical protections validating the decryption process. Most PC owners can protect their pictures and other content from file-encryption Trojans like the EncryptoJJS Ransomware by saving backups to removable devices or remote servers. Malware analysts also report possible vulnerabilities in the EncryptoJJS Ransomware's encryption method, making it possible that a victim could use free decryption solutions that the PC security sector is making available.
The EncryptoJJS Ransomware contains no other features malware analysts consider prominent enough to be worthy of noting, although the threat may install itself through help from other Trojans harboring the potential for attacks not listed here. Similar campaigns most often rely on e-mail distribution as their infection vector. In other cases, weak passwords on Internet-enabled machines can allow a con artist to gain direct control and install Trojans like the EncryptoJJS Ransomware manually.
By this threat's current detection rates, many anti-malware products should be able to detect and delete the EncryptoJJS Ransomware on sight. The cost of anti-malware protection, even if only stopping this attack, is almost sure to be less than the cost of paying the Trojan's ransom demand of over seven hundred dollars.