
JNEC Ransomware

Posted: March 20, 2019

The JNEC Ransomware is a file-locking Trojan that uses partially-corrupted images of women in RAR archives to distribute itself and trick users into opening it. Its attacks encrypt and lock media such as documents, audio or pictures, and are not reversible. Most anti-malware solutions should identify and remove the JNEC Ransomware correctly, although keeping a regularly-updated backup is equally urgent for recovering all your files.

The Harm that a Little Look can Do to Your Computer

A .NET Framework-built, file-locking Trojan is circulating with the assistance of a partially-corrupted picture and an accompanying software exploit. While many of the JNEC Ransomware's features are conventional, it may be the first example of a threat of its kind that's using the CVE-2018-20250 exploit. This WinRAR-specific programming flaw lets the archive ignore the user's choice of a destination folder and, instead, drop its contents into a location of the threat actor's choosing.
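The containment rule that this flaw breaks can be written as a check on member names before anything is extracted. This is an added example, not code from the original article, and it generalizes beyond WinRAR to any archive listing. The destination, the member names and the function names are constructed for illustration, and the names are assumed to come from a listing tool rather than from the extractor itself.

```python
import ntpath  # Windows path rules, usable on any OS

def resolve_member(dest, member):
    """Path a naive extractor would write `member` to, under Windows rules."""
    member = member.replace("/", "\\")
    # ntpath.join() drops `dest` when `member` is rooted, on another drive, or UNC.
    return ntpath.normpath(ntpath.join(dest, member))

def escapes_destination(dest, member):
    """True if `member` would land outside the folder the user chose."""
    root = ntpath.normcase(ntpath.normpath(dest))
    target = ntpath.normcase(resolve_member(dest, member))
    # Compare against "root\" so a sibling like "photos2" is not mistaken for "photos".
    prefix = root.rstrip("\\") + "\\"
    return not (target == root or target.startswith(prefix))

def audit_members(dest, members):
    """Return (member, resolved_path) for every entry that leaves `dest`."""
    return [(m, resolve_member(dest, m)) for m in members
            if escapes_destination(dest, m)]

# Constructed sample data: a chosen destination and member names as an
# archive listing tool might report them. Not taken from a real sample.
DEST = r"C:\Users\alice\Downloads\photos"
MEMBERS = [
    "picture.jpg",                      # stays inside
    "sub/readme.txt",                   # stays inside
    r"..\..\dropped.exe",               # climbs out with ..
    r"C:\Elsewhere\dropped.exe",        # absolute path, same drive
    r"\Elsewhere\dropped.exe",          # rooted, no drive letter
    r"D:\dropped.exe",                  # another drive
    r"\\host\share\dropped.exe",        # UNC path
    r"sub\..\..\photos2\dropped.exe",   # sibling folder sharing a name prefix
]

if __name__ == "__main__":
    for member, target in audit_members(DEST, MEMBERS):
        print(f"REJECT {member!r} -> {target}")
```

Any rejected entry means the archive should be quarantined rather than extracted, regardless of what the remaining members look like.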

The JNEC Ransomware persuades users into the mistake of opening its RAR archive by including an image of a woman making a peace sign. Its payload, however, loads the attacks that file-locker Trojans of most types are famous for using: an AES encryption that blocks media content on your computer, including text documents, spreadsheets, pictures and others. It adds 'Jnec' extensions to their names, showing which files will not open.

After a further examination of its features, malware researchers are categorizing the JNEC Ransomware as being independent of families like the Scarab Ransomware. However, it does drop Notepad ransoming messages and launch pop-ups, much like many Ransomware-as-a-Service businesses. The JNEC Ransomware offers a decryption key but expects victims to register a custom e-mail address on their end before paying the Bitcoin ransom of 0.05 (USD equivalent: two hundred dollars). Due to glitches in its encryption, the file-lock is, unfortunately, not reversible, even for those who pay and receive the threat actor's full cooperation.

Putting the Image of a Bad Future Out of Sight

Backing up your files is always an integral part of computer security, but it's at its most important for counteracting infections by file-locking Trojans with bugged payloads. This category includes not just the JNEC Ransomware but also threats like the KingOuroboros Ransomware from 2018 and the Blue Eagle Ransomware from the year before that. One out of two brands of security solutions also identify the JNEC Ransomware's RAR archive as a danger and should intercept the victim's attempt to open it.

The circulation strategy that the JNEC Ransomware's archive is using can't be identified from the evidence currently available to malware researchers. Its threat actor could be using torrents, freeware websites, malvertising campaigns or other exploits. Users with anti-malware protection should be deleting the JNEC Ransomware on sight, regardless, but any infection holds a risk of causing damage that's not directly reversible with a decryptor.

The JNEC Ransomware is an innovator in its installation tactic but a sloppy traditionalist in its attacks. Don't depend on the programming expertise of criminals for whether or not your files are safe when there are so many alternative recovery methods using publicly-available backup resources.
