JabaCrypter Ransomware

Posted: April 24, 2018

The JabaCrypter Ransomware is a file-locking Trojan that holds your data hostage by encrypting it. Users can identify the affected media by searching for the unique extension that it adds to their names. Since paying the ransom may not restore your files, most users should delete the JabaCrypter Ransomware with a trusted anti-malware program before recovering their work through their latest backup.

Researchers Finding Russian Ransoms Again

The irregular but recurring rise of file-locker campaigns attacking Russian citizens remains a steady trend in the threat industry. One of the newest of these Trojans, the JabaCrypter Ransomware, drops evidence implying that its authors are threat actors operating from another country, with minimal familiarity with the language. Unlike most threats of this category, the JabaCrypter Ransomware requires the victim to communicate with its admins before paying, possibly to protect its ransoming infrastructure from analysis by the AV community.

The JabaCrypter Ransomware uses AES-based encryption to block different media types, and malware experts have yet to determine whether its encryption method is under any protection (such as another layer of RSA encryption for the generated key) or is open to free decryption solutions. It adds the '.cryptfile' extension to every document, picture, and other media file that it encodes, which gives the victim an easy way of searching for the files that no longer open. No other symptoms are visible during this encryption routine.

When it finishes, the JabaCrypter Ransomware creates a local Web page containing all of its ransoming instructions, which ask the user to contact an e-mail address for further 'help' on paying for a decryption service. This note uses a unique format that malware experts aren't finding in competing Trojans' campaigns. Although it's in Russian, the many typos in its text imply that the threat actor isn't a native of that country.

Dodging a Quick Jab at Your Computer's Files

While the JabaCrypter Ransomware's cryptography isn't highly obfuscated or unusual, AES encryption isn't difficult to implement in ways that make the locked data secure from any easy decoding and recovery. Due to the frequent unreliability of freeware decryption programs, malware researchers always advise backing up your most valuable files to a portable storage drive or cloud service. Although Windows does store backups of your media by default, many file-locker threats like the JabaCrypter Ransomware include some countermeasures against that operating system's data-preservation features.
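The '.cryptfile' marker and the backup advice above can be combined into a read-only restore plan. The following is an added example, not code from this page or from any vendor tool; it assumes the extension is appended to the full original name (for example `report.docx.cryptfile`) and that the backup mirrors the scanned folder's layout, and the function names are hypothetical.

```python
import os
import tempfile
from pathlib import Path

LOCKED_EXT = ".cryptfile"  # extension named on this page


def plan_restore(scan_root, backup_root):
    """Map each locked file under scan_root to its copy in backup_root.

    Returns (restorable, missing): restorable is a list of
    (locked_path, backup_path) pairs, missing is a list of locked paths
    with no backup copy. Nothing is modified or deleted.
    """
    scan_root, backup_root = Path(scan_root), Path(backup_root)
    restorable, missing = [], []
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in sorted(files):
            # Case-insensitive match; assumption: extension is appended.
            if not name.lower().endswith(LOCKED_EXT):
                continue
            original = name[: -len(LOCKED_EXT)]
            if not original:  # a file named only ".cryptfile"
                continue
            locked = Path(dirpath) / name
            rel = locked.parent.relative_to(scan_root) / original
            candidate = backup_root / rel
            if candidate.is_file():
                restorable.append((locked, candidate))
            else:
                missing.append(locked)
    return restorable, missing


def demo():
    """Run against a constructed tree so the example works offline."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (live / "docs" / "report.docx.cryptfile").write_bytes(b"\x00")
        (live / "docs" / "photo.JPG.CRYPTFILE").write_bytes(b"\x00")
        (live / "docs" / "notes.txt").write_text("untouched")
        (backup / "docs" / "report.docx").write_text("good copy")
        restorable, missing = plan_restore(live, backup)
        return ([p.name for p, _ in restorable], [p.name for p in missing])


if __name__ == "__main__":
    print(demo())
```

The `missing` list shows which locked files have no backup copy, so they can be set aside rather than deleted in case a decryption solution appears later.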

Many of the file-locking Trojan campaigns operating in Russia use spam e-mails, exploit kits on Russian-oriented websites, or file-sharing networks for infecting random PCs. Russian PC owners already at risk from attacks like those of the Apophis Ransomware, the Gedantar Ransomware, the SkyFile Ransomware or the Unlock92 Ransomware should also take similar steps against the JabaCrypter Ransomware by backing their files up, updating their anti-malware products, and disabling any exploitable macros and scripts. Having your anti-malware programs delete the JabaCrypter Ransomware preemptively is the only sure way of protecting your files.

Nowhere is safe from con artists wanting to make money off of others' carelessness. The sooner most users abide by reasonable standards of protecting their digital media, the sooner threats like the JabaCrypter Ransomware will be unprofitable and, therefore, definitively defunct.