
juwon Ransomware

Posted: January 14, 2019

The juwon Ransomware is a file-locking Trojan that may block your files through methods such as encryption or moving them into password-protected archives. The in-development builds of this Trojan have few features apart from an advanced HTML pop-up that extorts cryptocurrency and delivers English warning messages. Backing up media to other devices can protect your documents and other content from such attacks, and most anti-malware products should delete the juwon Ransomware securely at any point.

Korean Hackers Exporting Their Cryptography Crimes

An apparent resident of South Korea who calls himself Seojuwon is planning attacks against unknown users' files by way of encryption or other file-blocking mechanisms. While much of his project, the juwon Ransomware, is incomplete or missing, the upcoming file-locking Trojan comes with ransoming features that suggest a great deal about its future payload. The author is also borrowing already-existing terminology for his notes, which suggests either limited English proficiency or a lack of concern for the believability of the ransoming campaign.

The juwon Ransomware delivers its ransoming messages via HTA pop-up windows, just like the Globe Ransomware and the Jigsaw Ransomware families, albeit with a different format. The juwon Ransomware displays a basic warning message asserting the use of 'military' encryption for blocking your files and demands a ransom for the password within one day. Unusually, the juwon Ransomware offers a 'hint' to the correct password, which implies that the password is a hard-coded string rather than a dynamic one. Other features of the pop-up include links for the Tor pro-anonymity browser and a Bitcoin wallet for paying.

Since Seojuwon hasn't added most other features yet, including the encryption, malware experts can't estimate the recovery solutions that might be available for any victims. Many file-locker Trojans using static passwords or encryption routines are, however, beatable by free software or extensive investigation by third parties in the AV industry. If you have no better options for restoring your computer's media, contacting a cryptography-experienced researcher may open up new possibilities.

Keeping Computerized Destruction at a Distance

The juwon Ransomware's threats are possibly overstatements, as this currently-harmless Trojan threatens nothing less than the wholesale destruction of the computer of any victim who doesn't pay. Backing up media to other devices should be taken for granted as a default safeguard against any file-locking Trojan, especially since not all of them include a viable decryptor of any kind. As a last resort, users may also find some Shadow Volume Copies or Restore Points intact.

The juwon Ransomware's first samples became available in mid-January and, on account of their limited attack potential, are avoiding detection by various brands of cyber-security software. Users can update the databases of their AV products to improve the detection odds and should stay cautious around e-mail attachments, documents with macros, script-exploiting websites, and potentially threatening Web advertisements. Such anti-malware solutions should be capable of deleting the juwon Ransomware without any significant obstacles.

The juwon Ransomware is less of an actual danger than it is a warning of one that's upcoming, but malware experts still suggest taking it seriously. Forgetting to back up your work one day can cause issues that aren't so easy to roll back, even at the hands of a less-than-proficient 'Black Hat' programmer.
