
JoeGo Ransomware

Posted: April 16, 2019

The JoeGo Ransomware is a variant of the Go Ransomware, a file-locking Trojan that encrypts your media so that it will not open and creates ransoming messages in Czech pop-ups. Victims of its attacks should depend on backups for recovering any data, when it's possible, although members of the cyber-security community may be able to help with decryption. Anti-malware software can provide additional protection by deleting the JoeGo Ransomware on sight or uninstalling it after infection.

Just Call this Trojan's Update 'Joe'

The Go Ransomware, the file-locker Trojan known for its unpopular choice of nationality for ransoming, is showing an impressively quick update, even for threats of its kind. The variant of this family-less Trojan, the JoeGo Ransomware, doesn't change nationalities, and still blocks files for selling its unlocking service to Czech-based victims. However, sources are indicating under-the-hood improvements to the JoeGo Ransomware's cryptography that could complicate any recovery of sabotaged files.

The JoeGo Ransomware, like its recent predecessor, infects Windows environments and may use a disguise, such as an e-mail-attached bill or fax machine alert, for getting onto your computer. After either tricking the user or being installed with the assistance of a remote attacker, the JoeGo Ransomware starts searching for media that's worth blocking with its encryption algorithm. This content can include Word documents, Excel spreadsheets, JPG, GIF or BMP pictures, archives like ZIP and RAR and other media. After locking them, it adds the rather self-explanatory '.LOCKED' extension to the ends of their names.
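For triage after a suspected infection, the appended '.LOCKED' extension described above can be used to measure how far the encryption reached and roughly when it began. The following Python sketch is an added example, not code from the original article or from any vendor tool; the mapping of the listed file types to extensions, the function names and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".locked"  # extension the page says is appended; matched case-insensitively
# Assumption: common extensions for the file types the page lists.
LISTED_TYPES = {".doc", ".docx", ".xls", ".xlsx", ".jpg", ".jpeg",
                ".gif", ".bmp", ".zip", ".rar"}


def scan_for_locked(root):
    """Summarise files under root that carry the appended .LOCKED extension."""
    by_type, dirs, earliest = Counter(), set(), None
    for dirpath, _subdirs, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(MARKER):
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable or removed mid-scan
            # Extension the file had before ".LOCKED" was appended.
            ext = os.path.splitext(name[:-len(MARKER)])[1].lower()
            by_type[ext if ext in LISTED_TYPES else "other"] += 1
            dirs.add(dirpath)
            earliest = mtime if earliest is None else min(earliest, mtime)
    first = (datetime.fromtimestamp(earliest, tz=timezone.utc)
             if earliest is not None else None)
    return {"total": sum(by_type.values()), "by_type": dict(by_type),
            "directories": sorted(dirs), "first_modified_utc": first}


def build_constructed_sample(root):
    """Create a small constructed tree (empty files) for demonstration."""
    names = ["report.docx.LOCKED", "photo.JPG.locked", "notes.txt.LOCKED",
             "clean.docx", os.path.join("archive", "backup.zip.LOCKED")]
    os.makedirs(os.path.join(root, "archive"), exist_ok=True)
    for i, rel in enumerate(names):
        path = os.path.join(root, rel)
        open(path, "w").close()
        # Constructed timestamps, one minute apart, starting 2019-04-16 00:00 UTC.
        os.utime(path, (1555372800 + 60 * i, 1555372800 + 60 * i))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print(scan_for_locked(tmp))
```

The earliest modification time among the renamed files gives a starting point for the incident timeline and for choosing which backup generation predates the encryption.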

Malware researchers are finding no differences in formatting between the JoeGo Ransomware's ransoming pop-up and the similar warning message of the Go Ransomware. This window gives text instructions, in Czech only, for paying 0.05 Bitcoins (between two and three hundred USD) for buying the threat actor's help for reversing the encryption. Until then, the files will not open. The niche language choice is one of the few factors of note in the JoeGo Ransomware and the Go Ransomware, although it doesn't impede the encryption from harming users' files in other countries.

Changing a Trojan into JoeGone

With threat actors updating their plans of attack so regularly, it behooves PC owners in general and all device owners with any valuable files to keep their data under proper security measures. Intact backups are the only sure solution to any file-locking Trojan and are safest on devices that Internet-connected systems can't access without going through other security protocols, such as a separate login. Nearly all types of file-locking Trojans will delete the Windows Shadow Volume Copies, although victims of the JoeGo Ransomware infections may double-check their Restore Points for a possible failed erasure.

Malware researchers recommend against enabling macros for untrustworthy documents, which form a significant infection vector for threats of the JoeGo Ransomware's category. Different infection methods may brute-force your server's login credentials, if they're sufficiently weak, or circulate the Trojan in mislabeled downloads – for instance, as a torrented gaming crack or movie. However, it has no noticeable protection from the security industry's standard anti-malware products, which should block its installation or delete the JoeGo Ransomware after the fact.

Users not wanting to welcome in the JoeGo Ransomware by a new name a third or fourth time, like any Ransomware-as-a-Service entity, should be careful about what they're clicking. Nine times out of ten, a Trojan's attack begins with the victim's fingertips helping it inside.
