Jdyi Ransomware Description
The Jdyi Ransomware is a file-locking Trojan that's part of a well-known Ransomware-as-a-Service, STOP Ransomware (or Djvu Ransomware). Because it typically uses secure encryption for locking the user's files, backups are essential for minimizing the loss of documents and other data from infections. Traditional PC security services will also stop most attacks and should remove the Jdyi Ransomware from compromised systems.
The Next Stop along the Business Track of Trojan Racketeering
Fast distribution under many 'brand names' makes up a significant portion of the Ransomware-as-a-Service business model. Thus, it's not surprising that the STOP Ransomware RaaS continues growing. The Jdyi Ransomware is, by all appearances, a standard update to the group, with the hiring threat actor providing a different extension on a long-since-polished package of data attacks. The purpose, as always, is blocking off strangers' files and making money by doing so.
Functionally, the Jdyi Ransomware is identical to past samples from the Ransomware-as-a-Service, such as late 2020's Iiss Ransomware, the Foqe Ransomware, the LYLI Ransomware, and the Vari Ransomware. Some of its most significant features include:
- The Trojan can encrypt the user's media (documents, pictures, audio, and similar formats) with an algorithm that it protects with a key that's either C&C-downloaded or internal. This process stops the files from opening without the decryption service that the threat actor holds in their possession.
- It may wipe local backups with system commands that delete the Shadow Volume Copy data.
- Some websites may not load due to the Trojan's modifying the Hosts file, which maps domains to IP addresses. The STOP Ransomware family often uses this feature for blocking users from helpful resources such as Microsoft.com and other PC security sites.
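A defensive check for the Hosts-file change described in the last item above, as an added example that is not part of the original article. It parses hosts-file text and reports entries that override watch-listed domains; the watchlist, the placeholder vendor domain, and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: domains the user needs for updates and remediation.
# microsoft.com is named in the article; the second entry is a placeholder.
WATCHLIST = ("microsoft.com", "security-vendor.example")

# Constructed sample input, not taken from a real infection.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0   microsoft.com www.microsoft.com   # blocked
127.0.0.1 Update.Microsoft.com.
203.0.113.7 support.security-vendor.example
10.0.0.5 notmicrosoft.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address, so not a mapping
        for name in fields[1:]:  # one line may map several hostnames
            yield line_no, ip, name.lower().rstrip(".")

def on_watchlist(hostname, watchlist=WATCHLIST):
    """Match the domain itself or any subdomain, never a mere suffix."""
    return any(hostname == d or hostname.endswith("." + d) for d in watchlist)

def suspicious_entries(text, watchlist=WATCHLIST):
    """Return (line_no, ip, hostname, kind) for watch-listed overrides."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if on_watchlist(name, watchlist):
            # Loopback or 0.0.0.0 makes the site unreachable; anything else
            # sends the name to a different server.
            kind = "sinkholed" if ip.is_loopback or ip.is_unspecified else "redirected"
            findings.append((line_no, str(ip), name, kind))
    return findings

if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE_HOSTS):
        print("line %d: %s assigned to %s (%s)" % finding)
```

On a Windows system, pass the contents of `C:\Windows\System32\drivers\etc\hosts` to `suspicious_entries` instead of the sample text.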
The payload's extortion side is relatively simple and involves promoting its ransom decryption service with file extensions and notes (in TXT and, possibly, HTA formats). The costs of ransoms from the Djvu Ransomware family are standardized across variants at just under five hundred USD, assuming a prompt response from victims. However, users always run a risk when paying these ransoms since RaaS-using criminals aren't credible actors and might not help with the data recovery afterward.
Reliable Barricades against Supposedly-Random Trojans
The Jdyi Ransomware's name provides few hints on its distribution channels; most versions of the STOP Ransomware family in 2020 will use random strings of four alphabetic characters. Furthermore, malware experts see equally-random names in the different installers for the Jdyi Ransomware and no identifying characteristics like signatures or copyright info. As such, users should lean on traditionally-effective protocols for protecting internet-connected Windows systems from the Jdyi Ransomware.
Users should save backups to other storage devices, if possible, since the Jdyi Ransomware can delete the Restore Points. However, as of current database detection rates, reliable PC security suites should catch and remove the Jdyi Ransomware before it can begin harming any files.
The latest alphabet-scrambling of the Jdyi Ransomware's name might be all it contributes to the threat landscape besides the renewed appreciation for the 'live' aspect of a Ransomware-as-a-Service. Taking one's eyes off essential data security and redundancy is an open door for the Jdyi Ransomware's family and one that all Windows users should leave tight-shut.