
James Ransomware

Posted: February 11, 2019

The James Ransomware is a file-locker Trojan that can stop your pictures, text documents and other media from opening. Victims of an infection may find their files' names modified by an additional 'JAMES' extension that is appended without removing the original one. Keeping good backups can neuter most file-locker Trojans' payloads, and various anti-malware applications should delete the James Ransomware as appropriate.

Trojans Calling Out Their Sworn Enemies

Most new builds of file-locker Trojans fall into preexisting categories based on software like Hidden Tear or one of the many Ransomware-as-a-Service businesses, but truly independent examples of these threats exist as well. The James Ransomware, a new case of the latter, conducts a standard form of dual-layer encryption for keeping digital media secure from its owners, along with, potentially, calling out a member of the cyber-security community. However, malware researchers have not yet been able to verify its long-term financial goals.

The James Ransomware is a Windows application with average detection rates against most AV products, although early, proof-of-concept builds were relatively successful at evading detection. It uses what malware researchers can confirm as a secure combination of AES-256 and RSA-2048 encryption to block files such as images, documents, spreadsheets and other media. An eyebrow-raising trait of this attack is its cosmetic appending of a '.JAMES' extension (which doesn't remove the first extension, for example: 'picture.bmp.JAMES'), which could be a call-out to any of several security researchers with experience against file-locker Trojans.
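The doubled extension described above is a useful triage indicator on a suspected host, because the original extension survives and tells you what kind of data was hit. The following Python script is an added example and not code from the original write-up or from any vendor; it walks a directory tree, flags names of the 'picture.bmp.JAMES' form, recovers the pre-encryption name, and summarises hits by original extension. The sample file tree it builds is constructed for the demonstration and contains placeholder bytes, not real encrypted output.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Marker the write-up reports the Trojan appending after the existing extension.
# Matched case-sensitively because the observed sample name uses upper case.
JAMES_SUFFIX = ".JAMES"


def is_james_renamed(name: str) -> bool:
    """True for names like 'picture.bmp.JAMES': the marker sits after an
    original extension that the Trojan leaves in place."""
    if not name.endswith(JAMES_SUFFIX):
        return False
    original = name[: -len(JAMES_SUFFIX)]
    # Require a real original extension ('stem.ext') so that unrelated files
    # that merely end in '.JAMES' are not counted as hits.
    stem, dot, ext = original.rpartition(".")
    return bool(stem) and dot == "." and bool(ext)


def original_name(name: str) -> str:
    """Strip the appended marker to recover the pre-encryption file name."""
    return name[: -len(JAMES_SUFFIX)] if is_james_renamed(name) else name


def scan_tree(root) -> dict:
    """Walk a directory tree and summarise files carrying the '.JAMES' marker.

    Returns the hit count, the sorted hit paths, and a count per original
    extension (lower-cased), which shows at a glance which data types were hit.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            if is_james_renamed(f):
                hits.append(os.path.join(dirpath, f))
    by_ext = Counter(
        Path(original_name(os.path.basename(h))).suffix.lower() for h in hits
    )
    return {"count": len(hits), "paths": sorted(hits), "by_original_ext": dict(by_ext)}


def demo() -> dict:
    """Build a constructed sample tree (placeholder content, not real malware
    output) and run the scan over it."""
    sample = [
        "picture.bmp.JAMES",       # hit: original extension preserved
        "report.docx.JAMES",       # hit
        "sub/budget.xlsx.JAMES",   # hit in a subdirectory
        "notes.txt",               # untouched file
        "sub/README",              # no extension at all
        "JAMES",                   # bare marker, not a renamed file
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for rel in sample:
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"placeholder")
        return scan_tree(tmp)


if __name__ == "__main__":
    result = demo()
    print(f"{result['count']} file(s) carry the marker")
    for ext, n in sorted(result["by_original_ext"].items()):
        print(f"  original extension {ext}: {n}")
```

Point `scan_tree()` at a user profile or share root to get the summary on a real system; the per-extension breakdown is what you would hand to whoever decides which backups to restore first. A name such as 'file.JAMES' with no original extension is deliberately not flagged, since the page only documents the appended form.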

Most file-locker Trojans deliver their ransom notes as Notepad TXT files, HTML Web pages or HTA pop-ups. However, there is no information available on any ransoming instructions for the James Ransomware's campaign, which is in an experimental state. A future build may sell a decryption service through the Bitcoin cryptocurrency, Paysafecard vouchers or other, non-refundable options.

Saving Your Files from the Wrong Sort of 'James'

Besides a gimmick location check that causes looping crashes if the user runs it from a folder named 'James,' the James Ransomware has few bugs or unexpected functions that would hinder its encryption. The AES and RSA encryption methods, in conjunction, can keep the files from opening permanently unless the user has the appropriate decryption key. As an avenue for data recovery that doesn't depend on the threat actor's largesse, malware experts suggest keeping another backup on an external device that the James Ransomware can't encrypt.

It's too early to track infection methods for the James Ransomware, whose threat actor could abuse spam e-mails, unsafe Web advertisements or torrents for compromising others' PCs. Business, government and NGO networks are also vulnerable to potential brute-force attacks, which give the criminals access after guessing likely user-password combinations. All standard Web security practices, along with anti-malware programs for removing the James Ransomware, should suffice for keeping your PC's media at little to no risk.

The James Ransomware offers a look at a file-locker Trojan that doesn't innovate much but doesn't need to in order to represent a danger to anyone's work or digital mementos. Its attacks are as powerful as your PC's contents are valuable, which, for most people, isn't an insignificant price.
