JackPot Crypto Virus Remove and Restore Files

[Image: JackPot ransomware wallpaper]

A ransomware virus going by the name JackPot has been reported to slither undetected into user systems and encrypt their files using an encryption algorithm module, after which it changes the wallpaper of the infected system to a brief notification demanding payment of 3.0 BTC, which is approximately 800 US dollars. Researchers are convinced that the virus is not very widespread, but the bad news is that at its start it is undetected by any antivirus, which suggests it uses good-quality obfuscation tools. Victims are asked to pay the ransom in BitCoin; instead, they should focus on immediately removing this seemingly low-quality virus from their computers and look for alternative methods to restore the encrypted files.

SensorsTechForum is actively investigating this cyber-threat and will soon update this article with more information.

Threat Summary

Name: JackPot
Type: Ransomware
Short Description: JackPot encrypts the files after infection and may modify the Windows Registry to change the wallpaper and notify the victim to pay a 3.0 BTC ransom to get the encrypted files back.
Symptoms: The user may see ransom notes and "instructions" set as the wallpaper or dropped as text files on the computer. Widely used file types become inaccessible and appear corrupted.
Distribution Method: Via an exploit kit, a DLL file attack, malicious JavaScript, or a drive-by download of the obfuscated malware itself.
Detection Tool: See if your system has been affected by JackPot (malware removal tool download).
User Experience: Join our forum to discuss JackPot Ransomware.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and may not recover 100% of the encrypted files, but only some of them, depending on the situation and whether or not you have reformatted your drive.

JackPot Ransomware – How Is It Being Redistributed

In order for JackPot Ransomware to successfully cause an infection, it has to be spammed properly. This is why its developers may have undertaken massive spam e-mail campaigns to infect as many users as their abilities allow. The e-mail messages sent by the cyber-crooks may imitate legitimate programs and services and contain either malicious URLs leading to infected websites or malicious e-mail attachments that only appear to be legitimate files. Here is an example of a fake LinkedIn phishing e-mail that contains a malicious URL disguised as a button:

[Image: fake LinkedIn phishing e-mail]

JackPot Ransomware – More Information

When unsuspecting users “hit the JackPot”, they often become clueless as to what happens behind the scenes. As soon as the infection is done, the JackPot ransomware may create different types of files that may exist under different names and be located in the usually targeted Windows folders:

[Image: commonly used file names and folders]

Once the files are in place, JackPot ransomware may either drop malicious files in the %Startup% directory or create custom entries in the Windows Registry. Commonly targeted registry keys are the following:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

The JackPot ransomware may also engage in other activities, such as deleting the shadow volume copies by executing the vssadmin command with administrative privileges:

[Image: vssadmin shadow-copy deletion command]
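As an added defender-side example (not from the original article), the following Python flags the two behaviours just described, a value written under one of the Run/RunOnce keys and a vssadmin shadow-copy deletion, in event records; the simplified Sysmon-like "key=value" log layout and all sample values are constructed assumptions.

```python
import re

# Minimal 'key=value' event format with optional double-quoted values.
# This is an assumed, simplified Sysmon-like layout, not a real product's format.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# The Run/RunOnce autostart keys listed above, under either hive, long or short notation.
RUN_KEY_RE = re.compile(
    r"^(?:HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER|HKLM|HKCU)"
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\",
    re.IGNORECASE,
)

def parse_event(line):
    """Turn one event line into a dict of field name -> value."""
    return {key: quoted if quoted else bare for key, quoted, bare in FIELD_RE.findall(line)}

def is_run_key_persistence(event):
    """Registry value set (Sysmon Event ID 13) under a Run or RunOnce key."""
    return event.get("EventID") == "13" and bool(RUN_KEY_RE.match(event.get("TargetObject", "")))

def is_shadow_copy_deletion(event):
    """Process creation (Sysmon Event ID 1) running vssadmin to delete shadow copies."""
    if event.get("EventID") != "1":
        return False
    cmd = event.get("CommandLine", "").lower()
    return "vssadmin" in cmd and "delete" in cmd and "shadows" in cmd

def find_alerts(lines):
    """Return (alert_type, evidence) tuples for every line matching one of the two behaviours."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        if is_run_key_persistence(event):
            alerts.append(("run_key_persistence", event["TargetObject"]))
        elif is_shadow_copy_deletion(event):
            alerts.append(("shadow_copy_deletion", event["CommandLine"]))
    return alerts

# Constructed sample events: two malicious, two benign.
SAMPLE_EVENTS = [
    'EventID=1 Image="C:\\Windows\\System32\\vssadmin.exe" CommandLine="vssadmin.exe delete shadows /all /quiet"',
    'EventID=13 TargetObject="HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\jackpot" Details="C:\\Users\\victim\\AppData\\Roaming\\jackpot.exe"',
    'EventID=1 Image="C:\\Windows\\System32\\notepad.exe" CommandLine="notepad.exe README.txt"',
    'EventID=13 TargetObject="HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Common" Details="1"',
]

if __name__ == "__main__":
    for alert_type, evidence in find_alerts(SAMPLE_EVENTS):
        print(f"{alert_type}: {evidence}")
```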

After deleting the backups, JackPot may encrypt the targeted files while remaining undetected. The virus may have been configured to encrypt files partially or to encipher all of them at once, skipping the files crucial for the functioning of Windows. The files with the most value to the user, and therefore the primary targets, are:

  • Videos.
  • Images.
  • Audio files.
  • Database files.
  • Adobe Reader PDF documents.
  • Microsoft Office documents.

The encrypted files seem to be corrupted and can no longer be opened. A brief ransom note is left behind that aims to notify victims to pay the ransom:

[Image: JackPot ransom note]

Conclusion and Removal of JackPot Ransomware

JackPot ransomware has led malware researchers to believe it is not a high-quality ransomware, and its infections are not expected to be massive in number. If you have been infected by this virus, however, researchers strongly recommend that you focus on removing it yourself and attempt to restore your files using the instructions suggested below.

Manually delete JackPot from your computer

Note! Important notice about the JackPot threat: Manual removal of JackPot requires interference with system files and the registry and can therefore damage your PC. Even if your computer skills are not at a professional level, don't worry: you can do the removal yourself in just 5 minutes using a malware removal tool.

1. Boot your PC in Safe Mode to isolate and remove JackPot files and objects
2. Find malicious files created by JackPot on your PC

Automatically remove JackPot by downloading an advanced anti-malware program

1. Remove JackPot with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by JackPot
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
