
Jewsomware Ransomware

Posted: July 18, 2018

The Jewsomware Ransomware is a file-locking Trojan that hides its harmful encryption attacks behind fake Windows updates. When it finishes blocking documents and other media, it creates pop-up ransoming messages, which the victim should ignore in favor of alternate data-restoration solutions, if at all possible. Have your anti-malware programs remove the Jewsomware Ransomware once they identify it, and keep additional backups on other storage devices or PCs to keep this Trojan's damage to a minimum.

A Racist Joke is Coming for Your Files

While many file-locker Trojans conduct their work in secret, some prefer relying on distractions instead of perfect stealth. Malware experts are only now noting a file-locking Trojan whose development goes back to the middle of 2017, although available samples are appearing only a year after the fact. The Jewsomware Ransomware uses a tactic similar to that of the BlackSheep Ransomware, the Manifestus Ransomware, the SecretSystem Ransomware or the Fantom Ransomware: tricking the victims into inaction by showing fake Windows updates.

The Jewsomware Ransomware imitates the Windows 10 update screen with a borderless pop-up, including all of the standard text and the rotating circular loading symbol. While it uses this window for keeping the user from interfering, it encrypts the user's media, such as Word or PDF documents, Excel spreadsheets, JPG pictures, MP3 audio or ZIP archives. Once the user can re-access the Windows interface, they'll find these files locked with the addition of a '.jewsomware' extension.

The Jewish denigration continues with the second pop-up that the Jewsomware Ransomware launches after completing the file-locking routine. This secondary window displays a traditional caricature of a Jewish man, along with a ransom note, warning timers for price increases and file deletion, and a field for entering the decryption password. Current versions of the Jewsomware Ransomware should be decryptable relatively easily by any cyber-security experts with some cryptography experience, and malware researchers recommend against paying the ransom regardless of the value of your files.

Calming a Caricature of Greed

Although the Jewsomware Ransomware claims that it includes a feature for erasing your files, similar to that of the notorious Jigsaw Ransomware, malware researchers can't corroborate such an attack in the versions available for analysis. Due to the only verifiable samples being one year old, any development on this threat also is, apparently, complete. Besides decrypting the locked data with the help of a third party, victims also should keep backups on other devices for fast restoration of any work that doesn't depend on breaking the encryption algorithm.
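For scoping recovery after cleanup, the following added example (not code from this article or from any vendor tool) lists which files carrying the '.jewsomware' extension have a clean copy in a backup and which do not. It assumes the extension is appended to the full original filename and that the backup mirrors the data folder layout; the function names and sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

LOCKED_EXT = ".jewsomware"  # extension the article says is added to locked files


def triage(data_root, backup_root):
    """Split locked files into those with a clean backup copy and those without.

    Assumes the extension is appended to the full original name
    (report.docx -> report.docx.jewsomware) and that the backup mirrors
    the data directory layout. Both are assumptions of this example.
    """
    data_root, backup_root = Path(data_root), Path(backup_root)
    restorable, no_backup = [], []
    for dirpath, _dirs, files in os.walk(data_root):
        for name in files:
            original = name[: -len(LOCKED_EXT)]
            if not name.lower().endswith(LOCKED_EXT) or not original:
                continue
            rel = (Path(dirpath) / original).relative_to(data_root)
            clean_copy = backup_root / rel
            # A backup that was itself locked only holds rel + LOCKED_EXT,
            # so it fails this check and the file is listed as no_backup.
            if clean_copy.is_file() and clean_copy.stat().st_size > 0:
                restorable.append(rel.as_posix())
            else:
                no_backup.append(rel.as_posix())
    return sorted(restorable), sorted(no_backup)


def demo():
    """Build a constructed sample tree in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp, "data"), Path(tmp, "backup")
        for d in (data / "docs", backup / "docs"):
            d.mkdir(parents=True)
        (data / "docs" / "invoice.pdf.jewsomware").write_bytes(b"\x00locked")
        (data / "docs" / "budget.xlsx.jewsomware").write_bytes(b"\x00locked")
        (data / "notes.txt").write_text("untouched")
        (backup / "docs" / "invoice.pdf").write_bytes(b"%PDF-sample")
        (backup / "docs" / "budget.xlsx.jewsomware").write_bytes(b"\x00locked")
        return triage(data, backup)


if __name__ == "__main__":
    ok, missing = demo()
    print("restore from backup:", ok)
    print("no clean backup:", missing)
```

Files in the second list are the ones whose recovery would depend on third-party decryption rather than a backup.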

The Jewsomware Ransomware offers limited evidence of how it might infect any users, and, for now, there is no confirmation of a live attack that's deploying this file-locking Trojan. Two of the most widely-anticipated infection exploits for threats of the same category include e-mail messages with corrupted documents pretending that they're invoices and brute-force attacks against servers with non-secure login credentials. A majority of anti-malware applications are detecting this threat and should delete the Jewsomware Ransomware without needing any help from the user.

The Jewsomware Ransomware is one of the most cartoonish and least-threatening Trojans with encryption-based attacks for the year. While a victim might be thankful to suffer infections from a threat whose attacks are curable, it would be better to avoid putting your files in such a threatening bargaining position at all.
