
JayTHL Ransomware

Posted: October 30, 2019

The JayTHL is a file-locking Trojan that's an update of the SamSam Ransomware. Its payload has changed the ransom message and theme but carries out the same attack: encrypting files so that they can't be opened. Let your anti-malware programs remove the JayTHL as soon as they identify it, and maintain secure backups to cover any damage it might cause.

More Server Problems with Added Insults to the Injury

The JBoss server-abusing SamSam Ransomware is showing up again, although with changes that make it evident that a new threat actor is at the helm. This variant, the JayTHL, themes itself after a cyber-security researcher's Twitter handle and includes extra content denigrating that individual. For everyone else, however, the JayTHL is just another Trojan that wants money for locking your files up in a cage of encryption.

The JayTHL's threat actor likely has little programming experience, since most of the Trojan's code is identical to that of the SamSam Ransomware, including internal strings that reference the original's name. Like its predecessor (also known as 'Samas'), the JayTHL uses AES encryption and needs no server connection to complete the attack. This lets it lock digital media throughout the infected systems – generally, vulnerable local networks or servers – and hold them for ransom.

The JayTHL appends a 'JayTHL' extension to filenames as its thematic marker of choice, and also creates a CMD window and a ransom note. Both of these last two elements include vulgar taunts against the security researcher. However, the JayTHL's message also has instructions for paying a Bitcoin ransom. After inspecting the wallet link, malware experts deem it non-functional, for now.
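Because the Trojan both renames files with a 'JayTHL' marker and encrypts their contents with AES, an incident responder triaging a suspect share wants to know which marker-bearing files are actually encrypted (and so need restoring from backup) versus merely renamed. The following script is an added example written for this page, not code from the page or from any vendor's tooling. It assumes the marker takes the form of a trailing '.JayTHL' extension (the page says only that a 'JayTHL' extension is added), uses a Shannon-entropy threshold of 7.5 bits per byte as a constructed heuristic for "looks encrypted", and builds its own constructed sample directory so it runs offline:

```python
"""Triage scan for JayTHL-marked files: added example, not the page's own code.
Assumptions (not stated on the page): the marker is a trailing '.JayTHL'
extension, and >= 7.5 bits/byte of entropy in the first 64 KiB marks a file
as likely encrypted rather than just renamed."""
import math
import os
import tempfile
from collections import Counter

MARKER = ".JayTHL"          # assumed trailing-extension form of the marker
ENTROPY_THRESHOLD = 7.5     # constructed heuristic threshold, bits per byte
SAMPLE_BYTES = 65536        # only the head of each file is sampled


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum (uniformly random bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def has_marker(filename: str) -> bool:
    """True if the filename ends with the assumed JayTHL marker (case-insensitive)."""
    return filename.lower().endswith(MARKER.lower())


def scan_tree(root: str) -> dict:
    """Walk root and bucket marker-bearing files into 'likely_encrypted'
    (high-entropy content) and 'marker_only' (renamed but readable content)."""
    result = {"likely_encrypted": [], "marker_only": []}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not has_marker(name):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(SAMPLE_BYTES)
            bucket = ("likely_encrypted"
                      if shannon_entropy(head) >= ENTROPY_THRESHOLD
                      else "marker_only")
            result[bucket].append(path)
    return result


def build_sample_tree() -> str:
    """Constructed sample data for the demo: one random-byte file carrying the
    marker (stands in for an encrypted document), one plain-text file that was
    only renamed, and one untouched file without the marker."""
    root = tempfile.mkdtemp(prefix="jaythl_demo_")
    with open(os.path.join(root, "report.docx.JayTHL"), "wb") as fh:
        fh.write(os.urandom(SAMPLE_BYTES))
    with open(os.path.join(root, "notes.txt.JayTHL"), "wb") as fh:
        fh.write(b"plain text, renamed only\n" * 2000)
    with open(os.path.join(root, "untouched.txt"), "wb") as fh:
        fh.write(b"nothing to see here\n")
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for bucket, paths in scan_tree(demo_root).items():
        print(bucket, paths)
```

Point `scan_tree` at a mounted share or restored disk image rather than the demo directory to get a list of files to prioritise for restoration; the entropy check matters because a renamed-but-intact file can simply be renamed back, while a high-entropy one cannot be recovered without the key or a backup.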

Stopping Haters from Getting the Upper Hand on Your Media

The JayTHL's predecessor collected hundreds of thousands of dollars in ransom money, with victims including semi-prestigious entities like the Atlanta city government. While the JayTHL is a much lower-effort project than the SamSam Ransomware, it has an equivalent capacity for harming documents and other files. Users also can't depend on local Windows backups for recovering work, since nearly all file-locking Trojans will wipe them.

While it's running, users might notice the JayTHL's process disguised as a fake Windows update, but preventing infection is always the preferable course of action. Disabling remote admin features, using secure passwords, updating server software, and avoiding risky downloads (including unexpected e-mail attachments) are effective ways of protecting your PC. Most Windows systems are at risk from both the JayTHL and the SamSam Ransomware, except for pre-Vista builds.

Why the JayTHL's author has a grudge against a particular cyber-security researcher may become an amusing tale to tell, one day. For now, though, it's just a whimsical footnote in the story of an otherwise-serious threat.
