JeepersCrypt Ransomware

Posted: April 24, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 9
First Seen: April 24, 2017
Last Seen: August 17, 2022
OS(es) Affected: Windows


The JeepersCrypt Ransomware is a file-encrypting Trojan that can stop you from opening your local media until you agree to pay the ransom demanded in its pop-up messages. Either free decryption applications or preexisting backups can help you restore your content without giving in to the threat actor's extortion. Various anti-malware products may also intercept or remove the JeepersCrypt Ransomware while limiting any damage to your PC's files.

Brazilian PCs Get a New Creeper

While English-language Trojans make up the current majority of file-encryption-based threats, Portuguese-language ones targeting Brazil are a particularly significant minority. New samples are now being identified of a Trojan that sends its ransom demands to victims in that nation and includes an easy-to-use decryption feature with a timer as an incentive. The JeepersCrypt Ransomware's family has yet to be determined, although malware experts see file data from this threat that dates it back to at least late 2016.

The JeepersCrypt Ransomware uses comparatively small ransom demands, still protected by cryptocurrency-based transactions, to encourage fast but low-value payments from any victims. It may be installed by exploit kits (EKs) like the RIG Exploit Kit, or through freely downloaded software bundles. Once it gains system access, the JeepersCrypt Ransomware runs an encryption routine whose cipher malware experts have not yet verified, although a variant of AES or XOR is probable.

The JeepersCrypt Ransomware's encryption attack blocks files such as documents, spreadsheets, or archives from opening. It also flags the locked content with the unique '.jeepers' extension, which may overwrite the original format tag or be appended to the end of the filename. Then, the threat launches an advanced HTML pop-up that asks the victim to unlock the files through e-mail negotiations with its threat actor, requiring a Bitcoin payment equal to 25 USD in value.

Keeping Your Peepers from Spying a Foreboding Extension

Like the WinSec Ransomware and similar threats, the JeepersCrypt Ransomware shows that Brazil retains a high placement among the geographical regions that threat authors prefer to target with their cyber extortion campaigns. While this Trojan was not seen active until April, weaknesses in its encryption routine have allowed third-party security researchers to develop a possible decryption solution that can unlock your files without charge. PC users not encouraged by the prospect of gambling with this software should copy their media to a location that malware analysts rate as being safe from threats of this type (such as an unattached USB drive).

Most distribution methods for threats of this type involve the abuse of browser vulnerabilities, unsafe account passwords, e-mail spam or mislabeled downloads. Disabling unneeded browser features, using passwords with both high length and alphanumeric complexity, and scanning new files with your anti-malware products can detect or otherwise block most of the above infection vectors. Current industry-wide anti-malware solutions are identifying this threat at high rates and should remove the JeepersCrypt Ransomware with few problems other than any long-term effects from its encryption.

Any country with bustling economic activity is operating with something of a two-edged sword. PC owners with money to spend, by definition, also have money to lose to Trojans like the JeepersCrypt Ransomware, which one can find in the most unexpected of places.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



dir\JeepersCrypt.exe
File name: JeepersCrypt.exe
Size: 573.95 KB (573952 bytes)
MD5: 8010e9438b3aa499604b619878a76a0f
Detection count: 55
File type: Executable File
Mime Type: unknown/exe
Path: dir
Group: Malware file
Last Updated: August 17, 2022
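
An inventory script for the two indicators on this page, added here as an example and not taken from the original page or from any vendor tool: it lists files carrying the '.jeepers' marker, separating the appended case from the overwritten case, and flags executables whose MD5 matches the value listed above. The function names, the known_md5 parameter and the command-line usage are assumptions; only the extension and the MD5 come from this page.

```python
import hashlib
import sys
from pathlib import Path

# Taken from this page: the marker extension and the MD5 of JeepersCrypt.exe.
MARKER = ".jeepers"
KNOWN_MD5 = "8010e9438b3aa499604b619878a76a0f"

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks; return None if it cannot be read."""
    digest = hashlib.md5(usedforsecurity=False)  # lookup value, not a security control
    try:
        with open(path, "rb") as fh:
            for block in iter(lambda: fh.read(chunk), b""):
                digest.update(block)
    except OSError:
        return None
    return digest.hexdigest()

def triage(root, known_md5=KNOWN_MD5):
    """Walk root and return (locked, droppers).

    locked   : list of (path, original_name, original_suffix or None)
    droppers : list of .exe paths whose MD5 equals known_md5
    """
    locked, droppers = [], []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        suffix = path.suffix.lower()
        if suffix == MARKER:
            original = path.with_suffix("")  # strip the marker extension
            # Appended:    report.docx.jeepers -> original type is still visible.
            # Overwritten: report.jeepers      -> original type is lost (None).
            locked.append((path, original.name, original.suffix.lower() or None))
        elif suffix == ".exe" and md5_of(path) == known_md5:
            droppers.append(path)
    return locked, droppers

if __name__ == "__main__":
    found, exes = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, name, ext in found:
        print(f"LOCKED  {path}  original={name}  type={ext or 'unknown'}")
    for path in exes:
        print(f"DROPPER {path}  md5={KNOWN_MD5}")
```

The locked list doubles as a restore checklist: entries with a known original type can be matched against backups by name, while entries with type unknown need to be identified from the backup set itself.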