
JCry Ransomware

Posted: March 6, 2019

The JCry Ransomware is a file-locking Trojan that is part of the OPJerusalem anti-Israel campaign. Its threat actors attempted to circulate it by compromising Israeli government websites, although the drive-by download included bugs that prevented installations from occurring. Users are still in danger from this threat and should keep backups of their media and anti-malware protection for deleting the JCry Ransomware promptly.

Anti-Israel Fervor Reaching a Trojan Fever Pitch

OPJerusalem, the annual series of attacks aiming to eliminate the Israeli presence from the Internet, has seen its participation decline from thousands of members to only hundreds. However, 2019 remains a time of activity for the campaign, which now includes one of the most popular kinds of black-hat software: a file-locker Trojan. Fortunately, malware experts find that the JCry Ransomware is incapable of installing through its current delivery method, although future attempts will likely correct the interfering bug.

The JCry Ransomware is a unique file-locking Trojan written in the Go programming language, just like the YourRansom Ransomware or the Germany-attacking '.braincrypt File Extension' Ransomware. Its threat actors tried to circulate it by compromising a sub-domain of nagishi.co.il and inserting a fake Flash update. Non-Windows users only see a defaced Web page, but Windows users, in theory, will download a fraudulent Adobe Flash Player that serves the JCry Ransomware. Thankfully, malware experts have verified that a minor error in a comparison statement prevents the download from happening.

The JCry Ransomware's infection strategy targets Israeli users specifically, but its payload can affect most Windows systems. The JCry Ransomware uses RSA with a public and a private key for encrypting and locking files, including documents and other media, and appends a 'jcry' extension to their names. As is the habit of most file-locker Trojans, the JCry Ransomware can also delete the Shadow Volume Copies, which prevents users from restoring files from Windows' built-in backups.
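As an added triage example (not code from the page or from the JCry authors), the script below scopes a suspected infection by the one artifact the write-up names, the appended 'jcry' extension, and flags shadow-copy deletion in constructed process-creation log lines. It assumes that the Trojan removes Shadow Volume Copies through the usual vssadmin route, which the write-up does not state; the sample tree and log lines are constructed for the demonstration.

```python
import os
import re
import tempfile
from collections import Counter

JCRY_SUFFIX = ".jcry"
# Assumption: the write-up says JCry deletes Shadow Volume Copies but not how;
# vssadmin's "delete shadows" is the usual Windows route, so the log check looks for it.
SHADOW_DELETE_RE = re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows", re.IGNORECASE)

def find_locked_files(root):
    """Return (locked_path, original_name) for every file carrying the .jcry suffix."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            if name.lower().endswith(JCRY_SUFFIX):
                hits.append((os.path.join(dirpath, name), name[:-len(JCRY_SUFFIX)]))
    return hits

def directory_hit_ratio(root):
    """Per-directory share of locked files, to scope how far the Trojan got."""
    totals, locked = Counter(), Counter()
    for dirpath, _, names in os.walk(root):
        for name in names:
            totals[dirpath] += 1
            locked[dirpath] += name.lower().endswith(JCRY_SUFFIX)
    return {d: locked[d] / totals[d] for d in totals}

def shadow_copy_deletions(log_lines):
    """Return the process-creation lines whose command line deletes shadow copies."""
    return [line for line in log_lines if SHADOW_DELETE_RE.search(line)]

def build_sample_tree():
    """Constructed sample tree: two locked documents and one untouched text file."""
    root = tempfile.mkdtemp(prefix="jcry_demo_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("report.docx.jcry", "budget.xlsx.jcry", "notes.txt"):
        open(os.path.join(docs, name), "w").close()
    return root

# Constructed process-creation log lines, not real telemetry.
SAMPLE_LOG = [
    "2019-03-06 10:01:02 cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet",
    "2019-03-06 10:01:05 notepad.exe C:\\Users\\user\\notes.txt",
]

if __name__ == "__main__":
    root = build_sample_tree()
    print(find_locked_files(root), directory_hit_ratio(root), shadow_copy_deletions(SAMPLE_LOG))
```

The original file names recovered from the suffix tell a responder which documents to restore from backup once the Trojan is removed.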

Stopping the Crying over the JCry Ransomware

Despite its political agenda, the JCry Ransomware's encryption can harm media on Windows systems outside of Israel and hold it hostage with an accompanying pop-up ransom note. However, malware analysts are finding various limitations in the Trojan, including a hard-coded key that could help in developing a free decryption application, a failure to bypass UAC prompts during installation, and VBS script errors. An appropriate backup strategy is the natural solution to file-locker Trojan infections, particularly since the JCry Ransomware's hard-coded key is an exception to the general rule.

Flash update tactics are responsible for distributing more threats than file-locker Trojans like the JCry Ransomware, and any future attacks from the JCry Ransomware are likely to work as intended, given the simplicity of correcting the comparison bug. Users should always navigate to the official company website for downloading updates, instead of relying on redirects from unrelated sites that could be corrupted or hacked. Anti-malware programs of most brands should detect and remove the JCry Ransomware, but can't decrypt files or reverse its attacks.

Fewer participants in OPJerusalem mean fewer threats, but not none. The JCry Ransomware is reminding Israel that it has cause for caution, but the protection it calls for is nothing more than what users already should have in place.
