
Jwjs Ransomware

Posted: July 2, 2020

The Jwjs Ransomware is a file-locking Trojan without a currently identifiable family. The Jwjs Ransomware blocks the user's digital media, such as documents, and holds it captive while waiting on a ransom. Users should have backups on secondary devices for a fast recovery and anti-malware applications to automatically flag and remove the Jwjs Ransomware.

A Host of Upcoming File Access Issues

Even though it borrows a ransom note that families like the Globe Ransomware, the Globe Imposter Ransomware, and even old versions of the Dharma Ransomware use, the Jwjs Ransomware is a new threat whose affiliation lies open to question. With its familial boundaries still murky, malware experts satisfy themselves with confirming its features, which continue the tradition of pairing together data encryption and extortion. The Windows Trojan might not be a Crysis Ransomware offshoot but resembles a Ransomware-as-a-Service quite closely, regardless.

The Jwjs Ransomware is a Windows program, and all samples use packing to conceal their code from threat detection rulesets. Its file information presents the Trojan as a built-in part of Windows – the 'host process for windows tasks' – although the file carries no digital certificate signature. This .NET Framework Trojan uses encryption to block media files and targets folders such as the user's desktop, downloads, documents and pictures.

The Jwjs Ransomware also creates a pop-up and text messages, with the latter appearing multiple times in the above-noted directories. The close resemblance of the Jwjs Ransomware's ransoming instructions here to those of other RaaS campaigns makes its inclusion in that section of the threat landscape a probable one, but not a certainty. Malware analysts have no data on wallet payments or other ransoming information, although paying is always inadvisable and risky.
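The mismatch noted above, a file that describes itself as the 'host process for windows tasks' while carrying no digital signature, can be checked for directly. The following PowerShell is an added example, not part of the original article or any vendor tool; the function name Test-TaskHostMasquerade and the list of search roots are assumptions made for illustration.

```powershell
# Added example (not from the original article): find executables that claim
# the Windows task-host description but are unsigned or outside %SystemRoot%.
$ClaimedDescription = 'Host Process for Windows Tasks'  # string quoted in the article

# Assumption: search roots chosen for this example (the folders the article
# names, plus common per-user writable locations).
$Roots = @(
    (Join-Path $env:USERPROFILE 'Desktop'),
    (Join-Path $env:USERPROFILE 'Downloads'),
    (Join-Path $env:USERPROFILE 'Documents'),
    (Join-Path $env:USERPROFILE 'Pictures'),
    $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP
)

function Test-TaskHostMasquerade {
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $file -or $file.VersionInfo.FileDescription -notlike "*$ClaimedDescription*") { return }

    $sig       = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $inWindows = $file.FullName.StartsWith("$env:SystemRoot\", [System.StringComparison]::OrdinalIgnoreCase)

    # The genuine binary is Microsoft-signed and lives under %SystemRoot%;
    # report anything that fails either condition.
    if ($sig.Status -ne 'Valid' -or -not $inWindows) {
        [pscustomobject]@{
            Path            = $file.FullName
            Description     = $file.VersionInfo.FileDescription
            SignatureStatus = $sig.Status
            Signer          = $sig.SignerCertificate.Subject
            SHA256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        }
    }
}

# Candidate 1: executables on disk under the search roots.
$onDisk = $Roots | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | ForEach-Object {
    Get-ChildItem -LiteralPath $_ -Filter '*.exe' -File -Recurse -Force -ErrorAction SilentlyContinue
} | Select-Object -ExpandProperty FullName

# Candidate 2: images of processes that are running right now.
$running = Get-CimInstance Win32_Process |
    Where-Object ExecutablePath | Select-Object -ExpandProperty ExecutablePath

@($onDisk) + @($running) | Where-Object { $_ } | Sort-Object -Unique |
    ForEach-Object { Test-TaskHostMasquerade -Path $_ }
```

Any row this prints is a file using the Windows description without a valid signature or from a non-system path, and is worth submitting to an anti-malware scan before anything else touches it.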

Sparing Your Files the Mercies of Fake OS Tools

As its campaign continues, more investigation may reveal significant clues on this Trojan's ancestry, its encryption technicalities and its means of spreading. However, none of these omissions weaken the high value of a proper backup schedule and storage implementation against this threat. Since there isn't a free decryption tool or unlocker, any victims will depend, primarily, on any spare copies that they save to other, unencrypted devices.

Malware experts also recommend that users continue keeping strong passwords and installing security patches ASAP. They also may disable the more threatening software features such as JavaScript, the soon-to-be-defunct Flash, and macros. Interactions with pirated software, torrent media, and e-mail attachments (such as fake invoices or delivery notices) are commonplace installation vectors for file-locking Trojans.

This Trojan's current obfuscation methods are semi-effective, with fewer vendors than average detecting the threat. However, dedicated anti-malware products should be capable of detecting and removing the Jwjs Ransomware automatically, even as it stands.

The Jwjs Ransomware is something 'new' playing by old rules, but with just enough spice to hide better than anticipated. Any predator that updates its camouflage is a concern, but especially for its prey – even online.
