Kjh Ransomware

The Dharma Ransomware is one of the largest active ransomware families in the past two years, and it seems that its list of members keeps expanding on a daily basis. A recent malware sample submitted by a user in the United States revealed yet another new variant of the Dharma Ransomware – the Kjh Ransomware. This particular version does not include any innovations in terms of functionality, but it still does a terrifyingly excellent job at encrypting the files of its victims. The Kjh Ransomware looks for documents, images, videos, archives, databases, videos, spreadsheets and other common file formats. After identifying a potential file to target, it completes the encryption routine and moves on to the next file. Unfortunately, there is no free and reliable way to decrypt the files locked by the Kjh Ransomware, and the only way to fully recover from the attack is to restore the damaged files from a backup.

The Kjh Ransomware may reach potential victims via phishing emails that the project’s operators send out. These emails are likely to contain a bogus file attachment (often a Microsoft Office document) that, upon launch, may initialize a script that sets of the Kjh Ransomware’s attack.

All files that this ransomware locks will have their names marked with the following extension – ‘.id-.[datadatareturn@protonmail.com].kjh.’ Victims of the ransomware also are supplied with the text-file ‘RETURN FILES.txt,’ which explains the attack and promises the users that their files can be recovered if they send some Bitcoin to the attackers. Naturally, you should not accept this offer since co-operating with cybercriminals is never a good idea, and you may end up getting tricked.

If you believe that the Kjh Ransomware has locked your files, then we advise you to eliminate the threatening application by running a reliable anti-virus scanner. When you complete this step, you should proceed to try and undo some of the damage by using data recovery software.