
Josephnull Ransomware

Posted: July 17, 2020

The Josephnull Ransomware is a file-locking Trojan that encrypts media content, such as documents, to hold it hostage. The Josephnull Ransomware provides ransom instructions for any victims, requesting a twenty-thousand-dollar deposit in Bitcoin for its unlocking service. Users with backups can ignore this extortion, and most anti-malware products are suitable for removing the Josephnull Ransomware.

Staring at the Skeletal Face of Cryptocurrency Extortion

A particularly expensive file-locking Trojan's campaign raises eyebrows, with demands that far outstrip the more modest expectations of most Ransomware-as-a-Service campaigns. The Josephnull Ransomware, a possible variant of the same family as Thanos Ransomware and Hakbit Ransomware, is opting for quality of victimization over quantity. At over two thousand dollars before its conversion into Bitcoins, even one ransom will make the 'investment' worth the threat actor's time.

The Josephnull Ransomware is an unsigned Windows executable using the .NET Framework. The Trojan's name is flexible, but one sample that sticks out to malware researchers is 'Safeboot,' implying that the program is a Windows component or recovery tool. Its initialization behavior includes some threatening changes to the Registry, such as turning off Windows Defender.

Even worse than that is the second stage of the Josephnull Ransomware's attacks, which commences with encrypting media files one by one. This attack blocks each file from opening and appends a 'crypted' extension to it (yet another similarity to some members of Thanos Ransomware's family). As a finale, it creates an HTA pop-up with a unique, skeleton-themed background and its extremely costly demands for unlocking the files: twenty-thousand dollars in Bitcoins.
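The two side effects described above, the Registry change that switches off Windows Defender and the spread of files carrying a 'crypted' extension next to an HTA note, are what an incident responder can actually look for on a machine. The script below is an added triage example written for this article, not code from the original post or from the Trojan's authors. It assumes the locked-file suffix is literally '.crypted' with a leading dot, and it checks the documented Defender policy value DisableAntiSpyware (the article does not name the exact Registry value the Trojan sets, so that part is an assumption). The sample directory tree and the policy dump are constructed in the script so it runs offline; on a live Windows host the policy dict would be filled from the standard-library winreg module.

```python
"""Triage helpers for the file-locking indicators described in the article.

Added example, not the article's or the Trojan's code. Two observable
effects are checked: a Windows Defender policy that turns the AV off, and
a spread of files renamed with a 'crypted' extension beside an HTA note.
"""
from __future__ import annotations

import os
import tempfile
from collections import Counter
from pathlib import Path

# Extension the article reports being appended to locked files. The exact
# form ('.crypted' with a leading dot) is an assumption on our part.
LOCKED_SUFFIX = ".crypted"
# The ransom note is described as an HTA pop-up, so stray .hta files are
# worth surfacing alongside the locked files.
NOTE_SUFFIXES = {".hta"}


def defender_disabled(policy_values: dict[str, int]) -> bool:
    """Return True when the Defender policy values turn the AV off.

    `policy_values` stands in for the contents of
    HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender (read with the
    standard-library `winreg` module on a live host). DisableAntiSpyware
    is the documented policy value; whether this Trojan sets exactly that
    value is not stated in the article, so treat it as one check among
    several, not a signature.
    """
    return int(policy_values.get("DisableAntiSpyware", 0)) == 1


def scan_tree(root: Path) -> dict:
    """Walk `root` and collect locked files, candidate notes and hot spots."""
    locked: list[Path] = []
    notes: list[Path] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(LOCKED_SUFFIX):
                locked.append(path)
            elif Path(lower).suffix in NOTE_SUFFIXES:
                notes.append(path)
    return {
        "locked_count": len(locked),
        "note_count": len(notes),
        # Directories with the most locked files, e.g. a user's Documents.
        "hot_dirs": Counter(str(p.parent.relative_to(root)) for p in locked),
    }


def triage(root: Path, policy_values: dict[str, int], min_locked: int = 3) -> dict:
    """Combine both indicators into one verdict for an incident responder."""
    result = scan_tree(root)
    result["defender_disabled"] = defender_disabled(policy_values)
    # Either a disabled-AV policy plus any locked file, or a spread of
    # locked files on its own, is enough to escalate.
    result["escalate"] = (
        result["locked_count"] >= min_locked
        or (result["defender_disabled"] and result["locked_count"] > 0)
    )
    return result


def build_sample_tree(base: Path) -> None:
    """Create a constructed directory layout that mimics an infected machine."""
    layout = {
        "Documents/report.docx.crypted": b"\x00" * 16,
        "Documents/budget.xlsx.crypted": b"\x00" * 16,
        "Documents/notes.txt": b"untouched plain text",
        "Pictures/holiday.jpg.crypted": b"\x00" * 16,
        "Pictures/cat.png.crypted": b"\x00" * 16,
        "Desktop/HOW_TO_RECOVER.hta": b"<html>constructed note</html>",
    }
    for rel, data in layout.items():
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo() -> dict:
    """Run the triage over a constructed tree and a constructed policy dump."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        # Constructed policy dump: the AV has been switched off by policy.
        return triage(root, {"DisableAntiSpyware": 1})


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it as a script to see the counts and the per-directory hot spots; in a real response the same `scan_tree` call would be pointed at a user profile or a network share, and the policy dict would come from the live Registry. The escalation rule deliberately treats a disabled-AV policy as corroboration rather than proof, since that value can also be set legitimately by an administrator.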

Perhaps to no one's surprise, the Josephnull Ransomware's Bitcoin wallet lies empty as of mid-July.

Cheaping Out on High-Cost Encryption Problems

The Josephnull Ransomware's ransom note contains various grammar and format errors, and it doesn't conform to the usual, more professional templates that malware experts find in RaaS campaigns. Because of these and other details, the Josephnull Ransomware's threat actor might not be highly experienced or capable of compromising enterprise-grade entities that could pay such a ransom. However, even a low-level and amateur file-locker Trojan is hugely disruptive to the victim's documents, pictures and other files.

Users can scan their downloads to detect new threats, including the Josephnull Ransomware, with minimal omissions or false flags. Standard self-defense protocols for limiting the risk of exposure also include using secure passwords for all accounts, disabling vulnerability-laden features like macros and installing patches promptly. The Josephnull Ransomware is a Windows program, but effectively identical payloads in Trojans exist elsewhere for Android, macOS and NAS devices.

The Josephnull Ransomware's expectations might be out of its league, but the most frightening thing about encryption is its accessibility. As a grim reaper of digital media, the Josephnull Ransomware might be deadly even if it's just another chip off Thanos Ransomware's block.
