
JavaEncrypt Ransomware

Posted: March 10, 2020

The JavaEncrypt Ransomware is a file-locking Trojan based on the JavaLocker Ransomware project on GitHub. The JavaEncrypt Ransomware can block your files, change their extensions, and create ransom messages asking for Bitcoin payments. Users should attempt other data recovery solutions as necessary and let their anti-malware services remove the JavaEncrypt Ransomware from their computers.

Free Extortion Resources for the Taking

After indirectly assisting the Stantinko Botnet, the Galacti-Crypter Ransomware, and the Karkoff backdoor Trojan, GitHub's free hosting is becoming the starting point for another Trojan's campaign. The first sample of the JavaEncrypt Ransomware was caught by a China-based cyber-security researcher, and it immediately displayed connections to a GitHub-hosted software project, the JavaLocker Ransomware. A threat actor, however, is weaponizing his or her variant of the program for collecting Bitcoin ransoms.

The JavaEncrypt Ransomware is a Windows program that uses DES, instead of AES, for encrypting and locking files, such as Word documents and other media formats. By default, the Trojan excludes the contents of the Windows folder from its attack but, otherwise, may block most content on the PC's drives. Malware experts can't yet confirm how secure its encryption method is, and there is no free decryptor available for current builds. The JavaEncrypt Ransomware also gives 'javalocker' extensions to the content that it disables.

The ransom note that the threat actor adds to the payload is the JavaEncrypt Ransomware's most distinctive element. The text file doesn't follow the standard naming conventions of such messages and, instead, uses a unique extension of 'javaencrypt,' along with a demand in the name to open it with Notepad. The contents ask for a Bitcoin ransom worth three hundred USD, paid to a wallet, with an e-mail address for gaining access to the decryptor afterward. Presently, no wallet exists at the address given, which may be a placeholder.
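The two file-name indicators described above (a 'javalocker' extension on locked content and a 'javaencrypt' extension on the ransom note) are enough for a first scoping pass over an affected drive. The Python script below is an added example, not code from this article or from the JavaLocker project. It assumes that each extension is the last suffix of the file name and that a locked file's modification time approximates when it was locked, which helps in choosing a backup restore point.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

LOCKED_EXT = ".javalocker"   # extension reported on locked files
NOTE_EXT = ".javaencrypt"    # extension reported on the ransom note


def triage(root):
    """Summarise files under root that carry the two reported extensions."""
    locked, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            path = os.path.join(dirpath, name)
            if ext == NOTE_EXT:
                notes.append(path)
            elif ext == LOCKED_EXT:
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # unreadable or removed mid-scan
                locked.append((mtime, path))
                per_dir[dirpath] += 1
    locked.sort()
    return {
        "locked_count": len(locked),
        "notes": sorted(notes),
        "dirs": per_dir.most_common(),  # most affected directories first
        # Assumption: a locked file's mtime approximates when it was written.
        "first": locked[0] if locked else None,
        "last": locked[-1] if locked else None,
    }

def iso(ts):
    """Render a POSIX timestamp as an ISO 8601 UTC string."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()

if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("locked files:", report["locked_count"])
    for note in report["notes"]:
        print("ransom note:", note)
    for directory, count in report["dirs"][:10]:
        print(f"{count:6d}  {directory}")
    if report["first"]:
        print("earliest:", iso(report["first"][0]), report["first"][1])
        print("latest:  ", iso(report["last"][0]), report["last"][1])
```

Pass the root of the drive or share to scan as the only argument; the earliest timestamp marks the point before which backups should be unaffected, under the stated assumption.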

The Cheapest Solutions to Totally Free Software Epidemics

All of the builds of the JavaEncrypt Ransomware that malware experts see in circulation are bundled inside JAR (Java archive) files. Still, this detail does nothing to determine how the Trojan circulates. E-mail attachments are a popular means of compromising workplace networks, but Exploit Kits on corrupted websites and torrents are the likelier attacks against the average Windows user. Admins also bear the responsibility of choosing passwords that aren't crackable, thereby preventing attackers from running the JavaEncrypt Ransomware manually.

Until a free decryption service becomes available to the public at large, users have little recourse against the aftereffects of a JavaEncrypt Ransomware infection. Besides emphasizing preventative safety steps, malware experts also encourage making extensive use of non-local backup solutions for all digital media. Such precautions are particularly crucial for the JavaEncrypt Ransomware, which, unusually for a file-locking Trojan, targets almost all data outside of the Windows operating system's directory.

Current detection ratios for the JavaEncrypt Ransomware are below optimal levels in comparison to better-known Trojan families like Hidden Tear or the Scarab Ransomware. To improve your chances of detection, always update your anti-malware products before running scans for removing the JavaEncrypt Ransomware and similar threats.

The JavaEncrypt Ransomware costs its author nothing but a little time for establishing a new campaign for raking in Bitcoins. The price that its victims pay is, however, somewhat more substantial than that – assuming they're not backing up their work.
