Jokeroo Ransomware
The Jokeroo Ransomware is an update of the GandCrab Ransomware, a file-locker Trojan running under the Ransomware-as-a-Service model. The Jokeroo Ransomware can employ different encryption types for blocking documents and other media on your PC, depending on which tiers a threat actor is buying into for administrating it. The users should keep their files safe, as usual, by backing them up and have anti-malware protection for removing the Jokeroo Ransomware as soon as it's possible.
An Expensive Joke Told Between Criminals
Threat actors are deploying a new RaaS business that's trying to set itself apart from the old code they're using – from the previously-decryptable GandCrab Ransomware. It's not yet sure whether or not the new file-locking Trojan, the Jokeroo Ransomware, is vulnerable equally, but its authors have put in some work into its cryptography that bodes poorly for any victims. Malware researchers, however, can't confirm live attacks, for the moment.
The Jokeroo Ransomware business is using a tier system for renting itself to other criminals, who may distribute it through e-mail, brute-force attacks, EKs or other means. Depending on how much the third parties pay in upfront, they may receive more or less of the ransoms from any victims. More importantly than the profit, however, is the Jokeroo Ransomware's incrementally upgrading payload, which can include a variety of functions of use to any would-be attackers, such as a different encryption method.
Whether the criminals opt for the optional Salso20 or a more conventional, AES-based setup, the Jokeroo Ransomware blocks media files on the PCs that it infects and holds it hostage indefinitely. While it also applies new extensions to their names, the text that it appends is variable between different campaigns. The attackers also have access to some system information for tracking purposes, such as the IP address and the Windows version.
Bringing an End to a Bad Comedy
The Jokeroo Ransomware's authors are doing their best to erase any evidence of the threat's ties to the original GandCrab Ransomware, and the strength of its different encryption options isn't being put to the test, yet. Since most file-locking Trojans lack a freeware solution for unlocking and data recovery, malware researchers always encourage having non-local backups as the best alternative. Local ones frequently are subjected to deletion.
Potential victims should expect attacks from a variety of angles according to Ransomware-as-a-Service's variable administration. Some vulnerabilities remaining relevant to the current year include:
- E-mail attachments or links may pretend that they're financial or business-related documentation, such as a billing dispute.
- Exploit kits may abuse JavaScript, Flash, and other browser features for downloading threats, especially, if the software is out-of-date.
- Opportunity-based attacks could involve port-scanning or brute-forcing logins, which are preventable with the proper maintenance of your firewall rulesets and passwords.
Keeping anti-malware services available and fully-patched to their latest databases will help with removing the Jokeroo Ransomware promptly, and should, in most circumstances, interrupt any file-locking opportunities.
The Jokeroo Ransomware is a new spin on aging software with some extra business sense injected into it. While that may be good for its authors' profits, it's nothing but unhappy news to the users without backups or other protection.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.