
'.jes File Extension' Ransomware

Posted: March 7, 2018

The '.jes File Extension' Ransomware is a Trojan that locks your files, displays a pop-up ransom note and deletes additional files under multiple conditions. This threat is a member of the Jigsaw Ransomware family and, like many variants of that Trojan, can cause further data loss when the system restarts or after a set amount of time has elapsed. Back up your work when appropriate, use traditional security protocols for disabling this threat, and have your anti-malware products uninstall the '.jes File Extension' Ransomware.

The Horrors from the Deep that Delete Your Files

Another version of the mass file-deleting Trojan, Jigsaw Ransomware, is deploying throughout Spanish-speaking regions and includes all of the old program's features for encryption, data erasure, and extortionist pop-ups. The '.jes File Extension' Ransomware themes itself after one of the most famous creatures in cosmic horror fiction, but the tangible, non-cosmetic aspects of its payload are well-understood features that nonetheless endanger almost all the content on your PC. Malware experts see at least two hoaxes through which the '.jes File Extension' Ransomware may be installing itself without the victim's informed consent.

According to the file data available on the latest samples, the '.jes File Extension' Ransomware is circulating either as a fake Web browser, such as Firefox, or a Facebook password-retrieval tool. Notably, the copyright information misspells the Mozilla company's name (as 'Mozzilla'). Typical infection vectors for such threat installers include file-sharing networks, like torrents, compromised ad-serving networks, and corrupted websites.

Just like the first Jigsaw Ransomware, the '.jes File Extension' Ransomware uses an encryption routine with an algorithm such as AES to lock different kinds of media, such as your text documents. The '.jes File Extension' Ransomware and the Jigsaw Ransomware also include two kinds of auto-triggering, file-deleting attacks:

  • The '.jes File Extension' Ransomware deletes an additional one thousand files whenever it restarts after the initial install routine's completion. This triggering precondition means that the attack occurs after every system reboot that doesn't use additional security steps for disabling the Trojan.
  • The '.jes File Extension' Ransomware can also delete more of the victim's files each hour, regardless of any other actions taken.

The '.jes File Extension' Ransomware delivers its ransom message to the victim through a pop-up window. Instead of the 'Saw' movie theme, the '.jes File Extension' Ransomware promotes the Lovecraftian undersea monster, Cthulhu, with its background image. Associated changes to the ransoming details also imply that new threat actors are deploying the '.jes File Extension' Ransomware, as opposed to the original author of the Jigsaw Ransomware.

Keeping Sea Monsters Under the Waterline

The dangers of the Jigsaw Ransomware family call for extra caution whenever a user takes any action that could restart the Trojan, and for a rapid response that minimizes the hourly data loss. Malware experts encourage rebooting through a separate device, such as any USB-loaded operating system, and avoiding restarting the original OS until after complete disinfection. The '.jes File Extension' Ransomware's family does include weaknesses in the encryption routine that could, theoretically, allow victims to recover their locked files with appropriate freeware tools offered by various members of the anti-malware sector.
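
To scope the damage from the offline boot environment described above, the following added example (not part of the original article or of any vendor's tool) compares a pre-incident backup manifest with the current file listing and sorts each file into intact, locked or deleted. It assumes that locked copies keep their original name with `.jes` appended and that a manifest of relative paths exists; all function names are hypothetical.

```python
import os
from collections import Counter

LOCKED_SUFFIX = ".jes"  # assumption: appended to the original file name


def list_volume(root):
    """Relative paths of every file under an offline, read-only mount."""
    found = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(folder, name), root)
            found.append(rel.replace(os.sep, "/"))
    return found


def classify(backup_manifest, current_listing):
    """Map each backed-up path to 'intact', 'locked' or 'deleted'."""
    current = {p.lower() for p in current_listing}  # Windows paths compare case-insensitively
    status = {}
    for path in backup_manifest:
        key = path.lower()
        if key in current:
            status[path] = "intact"
        elif key + LOCKED_SUFFIX in current:
            status[path] = "locked"
        else:
            status[path] = "deleted"
    return status


def unbacked_locked(backup_manifest, current_listing):
    """Locked files with no backup copy: only a decryption tool can recover these."""
    known = {p.lower() + LOCKED_SUFFIX for p in backup_manifest}
    return sorted(p for p in current_listing
                  if p.lower().endswith(LOCKED_SUFFIX) and p.lower() not in known)


# Constructed sample data (not from a real incident).
BACKUP = ["Docs/report.docx", "Docs/budget.xlsx", "Pics/cat.jpg", "Notes/todo.txt"]
CURRENT = ["Docs/report.docx.jes", "docs/budget.xlsx", "Notes/todo.txt.jes",
           "Docs/new-draft.docx.jes"]

if __name__ == "__main__":
    result = classify(BACKUP, CURRENT)
    print(Counter(result.values()))
    print("restore from backup:", sorted(p for p, s in result.items() if s != "intact"))
    print("no backup copy:", unbacked_locked(BACKUP, CURRENT))
```

Feed `list_volume` the affected disk as mounted from the USB-booted system, so that the listing is taken without restarting the original OS.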

Although the '.jes File Extension' Ransomware is targeting Spanish speakers, its data encryption can affect other systems, and local language settings do not necessarily provide any protection. Users should be cautious about all traditional infection strategies for file-locking Trojan campaigns, including e-mail attachments, malvertising (unsafe advertisements), non-secure file-sharing networks, and websites promoting illicit content or fake updates. Standard anti-malware suites should protect your PC from these compromise methods and delete the '.jes File Extension' Ransomware before it can install itself and delete or encrypt any media.

Among ransomware, the Jigsaw Ransomware is scarcely less of a name in large-scale destruction than the alien deity that the '.jes File Extension' Ransomware's image references. Awakening a sleeping giant that plunders your work is, often, no harder than downloading the wrong file and forgetting to back your work up before doing so.
