Hey you,

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:

Remove JobCrypter Ransomware and Restore Your Files

New ransomware pieces constantly emerge from the depths of cybercrime. Another addition to the ransomware family of threats is JobCrypter. Currently, JobCrypter is attacking users in France via spam emails containing malicious download links and attachments. Continue reading to learn more about JobCrypter and how to remove it from your system.

Name JobCrypter Ransomware
Type Ransomware
Short Description The ransomware uses a custom encryption algorithm.
Symptoms The victim’s documents, images and videos not larger than 20 megabytes are encrypted.
Distribution Method Via spam email attachments containing ZIP files.
Detection Tool Download Malware Removal Tool, to See If Your System Has Been Affected by JobCrypter Ransomware
User Experience Join our forum to discuss JobCrypter Ransomware.

JobCrypter Ransomware Distribution Method

ransomware-file-encryptionThe primary method employed for the distribution of JobCrypter is spam email campaigns. The spam emails sent out to victims are reported to contain information about social and political events. A report or a promotional material is attached within the email. If the attachment is executed, the user’s system will be infected with JobCrypter.

A Look inside the Malicious Attachment

As reported by Enigma Software security experts, a ZIP file with a double file extension is attached in the email, containing executables. One of the files within the ZIP is the encrypted JobCrypter .exe, and the other one is a decryptor and installer named deobfuscated.exe.

JobCrypter Ransomware Technical Description

Once the ZIP file is executed, JobCrypter is activated. JobCrypter best fits the description of a Trojan ransomware. The Trojan is observed to register its executable file named FileLocker.exe so that it runs upon system reboot.

JobCrypter Ransomware Encryption
The encryption algorithm used by JobCrypter is custom and is designed to act as a defense against reverse engineering attempts. The ransomware can encrypt documents, images and videos not larger than 20 megabytes. Only files stored on local hard drives appear to be affected. The duration of the encryption process is estimated at a few hours, more or less, depending on the data volume.

Curiously enough, victims of the ransomware could still be able to browse while the encryption is taking place, despite heavy resource consumption. Once the encryption has finished, a program windows is the displayed to the victim, providing information on what has just happened.

JobCrypter Ransomware Ransom Demanded

The creators of JobCrypter demand the purchase of Paysafe cards at the price of 300 Euro in exchange for decryption. Once this is done, the code maps should be sent to one of 3 listed email addresses, with a subject line the computer’s username.

Along with the encryption process, a TXT file, or the ransom note, is dropped in the folders with encrypted files.

JobCrypter Ransomware Removal Options

The easiest way to clean the system of any JobCrypter traces is via using an anti-malware program. We have compiled a helpful and easy-to-follow instructions right below the article.

If you have information about JobCrypter that you would like to share with us and other users, don’t hesitate to drop a comment in our security forums.

1. Boot Your PC In Safe Mode to isolate and remove JobCrypter Ransomware
2. Remove JobCrypter Ransomware with SpyHunter Anti-Malware Tool
3. Back up your data to secure it against infections and file encryption by JobCrypter Ransomware in the future
4. Restore files encrypted by JobCrypter Ransomware
Optional: Using Alternative Anti-Malware Tools
NOTE! Substantial notification about the JobCrypter Ransomware threat: Manual removal of JobCrypter Ransomware requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.