
How did ransomware infect my computer?

Djvu ransomware is commonly disseminated through pages that provide pirated software, key generators, and cracking tools, via emails that contain malicious files or links, and through untrustworthy websites that offer video downloads from YouTube.

Ransomware typically generates a ransom note that includes payment and contact information. Examples of other ransomware variants are Hairysquid, Sus, and Skynet. Usually, victims are left with no choice but to pay the ransom, since the cybercriminals hold the only decryption tools capable of restoring the files. Threat actors use ransomware to blackmail victims and extort money from them.

Unfortunately, the only feasible options for recovering files without involving the attackers are finding a third-party decryption tool online or restoring from a data backup. Furthermore, it is crucial to remove the ransomware from infected computers promptly to prevent further encryption, including on other devices connected to the same local network. Paying the ransom is not advisable: there have been numerous instances where victims did not receive the promised decryption tools even after paying the cybercriminals.

The ransom note also offers free decryption of a single file. It claims that it is impossible to recover encrypted files without purchasing decryption software and a unique key from the threat actors. The note provides two email addresses and instructs victims to contact the attackers within 72 hours; otherwise the price of the decryption tools rises from the initial $490 to $980.

Screenshot of files encrypted by Jycx ransomware:

It is noteworthy that Jycx is a member of the Djvu ransomware family, which has been observed being distributed by threat actors alongside RedLine, Vidar, and other information stealers.

Our team came across Jycx while examining various malware samples submitted to the VirusTotal website. An example of how Jycx modifies filenames: it changes "1.jpg" to "1.jpg.jycx", "2.png" to "2.png.jycx", and so forth. Furthermore, it generates a ransom note, the "_readme.txt" file. During our analysis, we identified Jycx as ransomware that employs file encryption and modifies file names by appending the ".
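The two file-system artifacts described above (the appended ".jycx" extension and the "_readme.txt" note) are enough to build a quick triage scan. The following script is an added example written for this article, not part of the original page or any vendor tool; it assumes nothing beyond the Python standard library and builds its own constructed sample folder so it can be run offline.

```python
import os
import tempfile
from pathlib import Path

JYCX_EXT = ".jycx"           # extension Jycx appends to encrypted files (from the article)
RANSOM_NOTE = "_readme.txt"  # ransom note file name dropped by Jycx (from the article)


def original_name(encrypted: str) -> str:
    """Recover the pre-encryption file name from a Jycx-renamed file.

    Jycx appends ".jycx" after the original extension ("1.jpg" -> "1.jpg.jycx"),
    so stripping that suffix yields the original name for an inventory.
    """
    return encrypted[: -len(JYCX_EXT)] if encrypted.endswith(JYCX_EXT) else encrypted


def find_jycx_indicators(root: str) -> dict:
    """Walk `root` and collect Jycx indicators: renamed files and ransom notes."""
    encrypted, notes = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.endswith(JYCX_EXT):
                encrypted.append((path, original_name(name)))
            elif name == RANSOM_NOTE:
                notes.append(path)
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "infected": bool(encrypted) or bool(notes),
    }


def build_sample_tree() -> str:
    """Create a constructed directory layout mimicking a Jycx-hit folder (test data, not malware)."""
    root = tempfile.mkdtemp(prefix="jycx_demo_")
    docs = Path(root, "Documents")
    docs.mkdir()
    (docs / "1.jpg.jycx").write_bytes(b"\x00" * 16)   # constructed: "encrypted" file
    (docs / "2.png.jycx").write_bytes(b"\x00" * 16)   # constructed: "encrypted" file
    (docs / "_readme.txt").write_text("constructed placeholder note\n")
    (Path(root) / "notes.txt").write_text("untouched file\n")  # clean file, must not match
    return root


if __name__ == "__main__":
    result = find_jycx_indicators(build_sample_tree())
    for path, orig in result["encrypted"]:
        print(f"encrypted: {path} (original name: {orig})")
    print("ransom notes:", result["notes"])
```

Point `find_jycx_indicators` at a mounted share or user profile to list which files were renamed and which directories received a note, which also shows how far the encryption spread across the network before the host was isolated.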
