
JosepCrypt Ransomware

Posted: May 23, 2018

The JosepCrypt Ransomware is a file-locking Trojan capable of keeping your files blocked by encrypting them with an algorithm such as AES-256. The encrypted files may have new extensions appended to their names, and the Trojan also creates text-based messages asking for money. Victims of this threat should ignore all ransoming demands and use free data recovery features along with a dedicated anti-malware program for removing the JosepCrypt Ransomware.

The Anti-Virus that Gives out Infections

An unidentified threat actor is distributing a Trojan that uses an ironic delivery exploit: pretending to be a notable brand of anti-malware software. The JosepCrypt Ransomware drops ransoming demands meant for the consumption of English speakers after taking their files hostage. Users appear at risk of compromising their PCs after installing a fake version of Dr.Web, the archetypal AV suite for Russia.

Since its payload is equally suitable for PCs inside or outside of that country, malware experts have yet to note whether or not the JosepCrypt Ransomware is targeting Russian victims explicitly. The JosepCrypt Ransomware is a Windows executable of less than a megabyte and may be circulating on file-sharing networks, compromised advertising services or corrupted websites. After installing itself through any of these exploits, the JosepCrypt Ransomware initiates an AES encryption-based attack that blocks various data types on the computer, such as Word or PDF documents, GIF or JPG pictures, 3D modeling data or archives.

This threat uses what malware experts note as a popular standard in the Black Hat industry for denoting any imprisoned files: adding its extension (in this case, '.josep') to their names. Lastly, it creates a Notepad file with an English, and grammatically incorrect, ransoming note that demands negotiations for the unlocker through the threat actor's AOL e-mail address. The JosepCrypt Ransomware provides a five-day limit on this transaction, although malware experts see no additional features that would trigger at the expiration, such as deleting your files.
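For sizing up the damage from the markers described above, the following Python script (an added example, not part of the original article or of any vendor's tool) inventories files carrying the appended '.josep' extension and lists text files beside them as possible ransom notes. The function names, the constructed sample tree and the treatment of every .txt file in an affected folder as a note candidate are assumptions, since the article does not give the note's file name.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".josep"  # extension the article says is appended to locked files


def triage(root):
    """Summarize files under root whose names end in the appended suffix."""
    root = Path(root)
    locked, notes, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        rel = Path(dirpath).relative_to(root)
        hits = sorted(f for f in files
                      if f.lower().endswith(LOCKED_SUFFIX) and len(f) > len(LOCKED_SUFFIX))
        for name in hits:
            original = name[:-len(LOCKED_SUFFIX)]  # name before the suffix was added
            locked.append((rel / name).as_posix())
            by_type[Path(original).suffix.lower() or "(none)"] += 1
        if hits:
            # Assumption: the article does not give the note's file name, so every
            # text file in an affected directory is listed for manual review.
            notes += sorted((rel / f).as_posix() for f in files
                            if f.lower().endswith(".txt"))
    return {"locked": sorted(locked), "by_type": dict(by_type), "notes": sorted(notes)}


def demo():
    """Run triage over a constructed directory tree (not real infection data)."""
    sample = ["docs/report.docx.josep", "docs/scan.PDF.josep", "docs/README.txt",
              "pics/cat.jpg.josep", "pics/Makefile.josep", "clean/todo.txt",
              "clean/.josep"]
    with tempfile.TemporaryDirectory() as tmp:
        for item in sample:
            path = Path(tmp, item)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed sample")
        return triage(tmp)


if __name__ == "__main__":
    result = demo()
    print(len(result["locked"]), "locked files;", result["by_type"])
    print("note candidates:", result["notes"])
```

The per-type counts show which kinds of data need restoring from backup, and the script only reads file names, so it changes nothing on the disk it inspects.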

Getting Your PC's Booster Shots from Safe Places

Threats like the JosepCrypt Ransomware and its direct competition, including spin-offs of the Turkish Hidden Tear project, RaaS services like the Globe Ransomware, and the small, Russian-based Unlock92 Ransomware family, often install themselves after pretending that they're legitimate software. Since most security solutions are detecting this threat correctly, scanning your downloads before opening them should catch this Trojan before any encryption happens. Drive-by-downloads triggering through Web-browsing scripts, as well as Word document macros, also could install the JosepCrypt Ransomware on an unprotected computer automatically.

AES-derived cryptography includes both secure and breakable methods of 'locking' your files. Free decryption options aren't always possible, and purchasing a criminal's ransom-based decryption service is always a high-risk transaction. For reducing the scope of damage in a JosepCrypt Ransomware infection, malware experts encourage keeping backups, especially on other, secure devices. Any already compromised PCs should receive scans by anti-malware products capable of deleting the JosepCrypt Ransomware and other file-locking threats, including disinfecting Windows components like the Registry.

As a classic wolf in sheep's clothing, the JosepCrypt Ransomware takes advantage of Web surfers who open files under the presumption that the names are always accurate. However, if the source isn't necessarily trustworthy, a quick scan with relevant security software may be in order.
