'JoniCarter@protonmail.com' Ransomware

Posted: August 8, 2018

The 'JoniCarter@protonmail.com' Ransomware is a variant of the Amnesia 2 Ransomware branch of the Scarab Ransomware family. This file-locker Trojan uses Ransomware-as-a-Service rentals for distributing itself to victims, who have their media locked by its encryption attack until they pay the ransom. Malware experts advise saving backups of your files for their safety, contacting appropriate PC security experts for their decryption help, and using anti-malware programs for removing the 'JoniCarter@protonmail.com' Ransomware infections.

Memories of an Amnesiac Trojan Flooding Back to Your Files

The Scarab Ransomware's success as a Ransomware-as-a-Business service is self-evident: threat actors are making new variants of the threat for the benefit of their Bitcoin wallets nearly every week. As of late July, one of the most secure branches of this Trojan, the second version update of the Amnesia Ransomware, is also enabling a new threat actor's campaign through the 'JoniCarter@protonmail.com' Ransomware. Besides being less vulnerable to public decryptors, the 'JoniCarter@protonmail.com' Ransomware is also one of the few Trojans of its family that doesn't explicitly attack Russian users in 2018.

The standard procedure of a 'JoniCarter@protonmail.com' Ransomware infection, like those of other members of its family, is as follows:

  • First, the user leaves their PC vulnerable by using a brute-force-friendly login or opening a malicious file (typically, a fake e-mail attachment).
  • Whether the 'JoniCarter@protonmail.com' Ransomware's installation is manually directed or automated through exploits, it uses the Windows Registry for triggering its payload without the user's permission. Its primary feature searches both local directories and network-shared ones for documents, pictures, and other media, which it encrypts with AES.
  • The latter stages of the attack create one or more Notepad messages that use instructions copy-pasted from the old Scarab Ransomware campaigns. The 'JoniCarter@protonmail.com' Ransomware offers the user a file-unlocking feature, but only after they pay a Bitcoin ransom.

Furthermore, malware analysts also are classifying the 'JoniCarter@protonmail.com' Ransomware as being a threat to any local backup data. This issue includes the system restore points that Windows creates by default for emergency recoveries and rollbacks.

The Cost of Forgetfulness, Measured in Files or Cryptocurrency

Since the 'JoniCarter@protonmail.com' Ransomware is highly specific about eliminating any local data restoration methods, users have three choices: using a non-local backup, paying the ransom and hoping the threat actor responds in good faith, or contacting a threat researcher for estimates on a public decryptor update. Unfortunately, malware experts are confirming the 'JoniCarter@protonmail.com' Ransomware's incompatibility with the traditional decryption services for the Scarab Ransomware family, which leaves secure, non-local backups as the safest option for saving any files.

The family that the 'JoniCarter@protonmail.com' Ransomware belongs to, and the many variants of it like the Scarab-Osk Ransomware or the Scarabey Ransomware, often abuse RDP-based installation exploits. Threat actors leverage these attacks after gaining access to user login names and passwords, traditionally with the help of a brute-force program. While users should have anti-malware protection for uninstalling the 'JoniCarter@protonmail.com' Ransomware securely, they should also be careful to avoid default or easily-cracked account logins.
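For defenders who want to spot the RDP brute-forcing described above before it succeeds, the following added example (not part of the original article) flags source addresses with a burst of failed logons and notes whether a successful logon followed. It assumes Windows Security log events 4625 (failed logon) and 4624 (successful logon) have been exported to a simple CSV layout; that layout, the threshold, and the sample rows are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rows (assumed export format): timestamp,event_id,logon_type,account,source_ip
# 4625 = failed logon, 4624 = successful logon. Logon type 10 = RemoteInteractive (RDP);
# type 3 = network logon, which is what failed RDP attempts show under Network Level Authentication.
SAMPLE = """\
2018-08-01T02:14:01,4625,3,administrator,203.0.113.7
2018-08-01T02:14:03,4625,3,admin,203.0.113.7
2018-08-01T02:14:05,4625,3,administrator,203.0.113.7
2018-08-01T02:14:08,4625,3,backup,203.0.113.7
2018-08-01T02:14:11,4625,3,administrator,203.0.113.7
2018-08-01T02:14:30,4624,10,administrator,203.0.113.7
2018-08-01T09:00:00,4625,10,alice,198.51.100.20
2018-08-01T09:00:40,4624,10,alice,198.51.100.20
"""

def parse(text):
    for line in filter(None, map(str.strip, text.splitlines())):
        ts, event_id, logon_type, account, ip = line.split(",")
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), account, ip

def detect_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: {"failures": n, "accounts": set, "success_after": account or None}}."""
    recent = defaultdict(deque)  # ip -> (timestamp, account) of failures still inside the window
    alerts = {}
    for ts, event_id, logon_type, account, ip in sorted(parse(text)):
        if logon_type not in (3, 10):
            continue
        if event_id == 4625:
            q = recent[ip]
            q.append((ts, account))
            while q and ts - q[0][0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"failures": 0, "accounts": set(), "success_after": None})
                a["failures"] = max(a["failures"], len(q))
                a["accounts"] |= {acct for _, acct in q}
        elif event_id == 4624 and ip in alerts and alerts[ip]["success_after"] is None:
            # A success from an address that was just guessing passwords needs immediate review.
            alerts[ip]["success_after"] = account
    return alerts

if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(SAMPLE).items():
        print(ip, info)
```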

Whether or not paying the 'JoniCarter@protonmail.com' Ransomware's ransom recovers your files is a gamble. Anyone who's happy to trust a criminal instead of their backup software is, hopefully, not saving any files that are essential to their lives.
