
JabaCrypter Ransomware

Posted: April 24, 2018

The JabaCrypter Ransomware is a file-locking Trojan that holds your data hostage by encrypting it. Users can identify the affected media by searching for the unique extension that it adds to their names. Since paying the ransom may not restore your files, most users should delete the JabaCrypter Ransomware with a trusted anti-malware program before recovering their work through their latest backup.

Researchers Finding Russian Ransoms Again

The irregular but recurring rise of file-locker campaigns attacking Russian citizens remains a steady trend in the threat industry. One of the newest of these Trojans, the JabaCrypter Ransomware, drops evidence implying that its authors are threat actors operating from another country, with minimal familiarity with the language. Unlike most threats of this category, the JabaCrypter Ransomware requires the victim to communicate with the admins before paying, which may be meant to protect its ransoming infrastructure from any analysis by the AV community.

The JabaCrypter Ransomware uses AES-based encryption to block different media types, and malware experts have yet to determine whether its encryption method is under any protection (such as by employing another layer of RSA encryption for the generated key), or open to free decryption solutions. The JabaCrypter Ransomware adds '.cryptfile' extensions to every document, picture, and other media that it encodes, which gives the victim an easy way of searching for the files that no longer open. No other symptoms are visible during this encryption routine.
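
As an added example (not code from the original article or from any vendor), the following Python script inventories files carrying the '.cryptfile' extension so that a restore list can be built from backups, and reports the modification-time window of the affected files. It assumes the extension is appended to the original file name; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

MARKER = ".cryptfile"  # extension named on this page

def inventory(root):
    """Walk root and describe every file carrying the marker extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            path = Path(dirpath) / name
            original = name[: -len(MARKER)]  # assumption: marker is appended to the old name
            hits.append({
                "path": str(path),
                "original_ext": Path(original).suffix.lower() or "(none)",
                "mtime": path.stat().st_mtime,
            })
    return hits

def summarize(hits):
    """Count hits per original file type and bound the modification-time window."""
    if not hits:
        return {"count": 0, "by_ext": {}, "first": None, "last": None}
    stamps = sorted(datetime.fromtimestamp(h["mtime"], timezone.utc) for h in hits)
    return {
        "count": len(hits),
        "by_ext": dict(Counter(h["original_ext"] for h in hits)),
        "first": stamps[0].isoformat(),
        "last": stamps[-1].isoformat(),
    }

def demo():
    """Build a constructed sample tree (not real victim data) and summarize it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("docs/report.docx.cryptfile", "docs/notes.txt",
                    "pics/cat.JPG.CRYPTFILE", "pics/dog.jpg.cryptfile"):
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(b"constructed sample")
        return summarize(inventory(root))

if __name__ == "__main__":
    print(demo())
```

Run against a mounted copy or image of the affected disk rather than the live system, and compare the per-type counts against what the latest backup holds.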

When it finishes, the JabaCrypter Ransomware creates a local Web page containing all of its ransoming instructions, which ask the user to contact an e-mail address for further 'help' on paying for a decryption service. This note uses a unique format that malware experts aren't finding in competing Trojans' campaigns. Although it's in Russian, the many typos in its text imply that the threat actor isn't a native of that country.

Dodging a Quick Jab at Your Computer's Files

While the JabaCrypter Ransomware's cryptography isn't highly obfuscated or unusual, AES encryption isn't difficult to implement in ways that secure the locked data against any easy decoding and recovery. Due to the frequent unreliability of freeware decryption programs, malware researchers always advise backing up your most valuable files to a portable storage drive or cloud service. Although Windows does store backups of your media by default, many file-locker threats like the JabaCrypter Ransomware include some countermeasures against that operating system's data-preservation features.

Many of the file-locking Trojan campaigns operating in Russia use spam e-mails, exploit kits on Russian-oriented websites, or file-sharing networks for infecting random PCs. Russian PC owners already at risk from attacks like those of the Apophis Ransomware, the Gedantar Ransomware, the SkyFile Ransomware or the Unlock92 Ransomware should also take similar steps against the JabaCrypter Ransomware by backing their files up, updating their anti-malware products, and disabling any exploitable macros and scripts. Having your anti-malware programs delete the JabaCrypter Ransomware preemptively is the only sure way of protecting your files.

Nowhere is safe from con artists wanting to make money off of others' carelessness. The sooner most users abide by reasonable standards of protecting their digital media, the sooner threats like the JabaCrypter Ransomware will be unprofitable and, therefore, defunct.
