
JB88 Ransomware

Posted: September 29, 2020

The JB88 Ransomware is a file-locking Trojan that's part of the AES-Matrix Ransomware family. The JB88 Ransomware encrypts media files such as documents, deletes their backups, and holds the locked data hostage. Anti-malware products should stop infections and remove the JB88 Ransomware, whereas offsite backups can help recover any data.

A Targeted Trojan is Back for More Ransoms

Variants with different extensions and names may proliferate more freely in Ransomware-as-a-Service operations like the Dharma Ransomware family. Still, a smaller size doesn't stop the AES-Matrix Ransomware family from being a harmful and expensive threat. This targeted group of Trojans often uses manual deployment strategies, with threat actors compromising targets that potentially offer high ransoms, like a corporate network. The JB88 Ransomware is a recent case showing that these hackers remain 'in business,' at the cost of their victims' files.

The JB88 Ransomware executables often use random names like 'nw9y5y6n,' which isn't unexpected of a threat that attackers install personally. After gaining access to the computer, the JB88 Ransomware continues the family's use of AES encryption with RSA security for blocking files. This feature stops documents, spreadsheets, music, pictures, and other media formats from opening until the user decrypts them. As an added incentive, the Trojan can also delete some types of local backups.

The traditional ransom note of the AES-Matrix Ransomware family, an RTF document, differs mostly by the e-mail addresses in use. In the JB88 Ransomware's case, the addresses use the name 'Jonbrown' on different services. This campaign also uses another extension, as per its name, which marks the files that no longer open for the victims' benefit. While paying a ransom is fraught with risks, users have no freeware options for recovering files from this family, thanks to its security.

Layering the Defenses against Trojan Drops

Users can harden their defenses against most file-locker Trojans, and against families like the AES-Matrix Ransomware in particular, in many ways. Disabling RDP or restricting its usage can prevent attackers from gaining remote access to a system. Password choices can impact the success of brute-force attacks, and software updates will remove many publicly-known vulnerabilities involving the above scenarios. Workers should also be careful about opening e-mail attachments or enabling advanced document content, such as macros, which are often associated with file-locking Trojans, RATs, and other threats.

The JB88 Ransomware has few non-cosmetic behaviors separating it from relatives like the AB89 Ransomware, the BG85 Ransomware, the FDFK22 Ransomware, and the Relock Ransomware. Users shouldn't assume that decryption or unlocking services are possible for free. They can, however, save backups for recovery in appropriate locations, particularly cloud services or detachable drives.

Reliable cyber-security tools should flag members of the AES-Matrix Ransomware family. Samples available to malware analysts suggest that these tools should sufficiently contain and delete the JB88 Ransomware, unless an attacker disables them.

A refresh on a text string of random characters doesn't do much for reviving the JB88 Ransomware's business model, but some businesses don't need constant reinvention. Every user who pays the ransoms of these threats is doing nothing more than guaranteeing a future that's full of even more Trojan campaigns.
