A new file-encrypting malware named Dr.Jimbo has been spotted encrypting user data and appending the .encrypted file extension to the affected files. The ransomware uses a sophisticated encryption algorithm which changes the hex code of the files, making them inaccessible. It is not likely that Dr.Jimbo ransomware will spread on a massive scale in the future. But in case you have been infected with this ransom virus, we strongly advise you to read this article to learn how to remove it and try restoring your files without having to pay the 2 BTC demanded by the cyber-criminals behind Dr.Jimbo.
| Short Description | The ransomware encrypts files with an immensely strong cipher and demands a ransom payment for decryption. |
| Symptoms | Files are enciphered and become inaccessible. A text file with ransom instructions is added. |
| Distribution Method | Spam emails, email attachments, file sharing networks. |
| Data Recovery Tool | Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files, and it may not recover 100% of the encrypted files but only a few of them, depending on the situation and whether or not you have reformatted your drive. |
Dr.Jimbo – How Does It Infect Users
To confirm a successful infection, Dr.Jimbo ransomware has to connect to the cyber-criminals' malicious server. To do this, it may use a malicious executable dropped by a Trojan.Downloader, which can be disguised as:
- E-mail attachment.
- Fake setups of programs.
- Fake game cracks or key generators.
In addition, other types of attacks may be used in combination with malicious URLs posted online or in spam messages:
- Exploit kit attacks.
Dr.Jimbo – More About The Ransomware
After it slips past the defenses of the victim PC, most likely by using obfuscators, Dr.Jimbo may create malicious files in some of the following Windows folders:
- %User’s Profile%
After creating the malicious files, Dr.Jimbo ransomware may also create registry entries so that one or more files run every time Windows starts, and change the wallpaper of the infected computer to one with a ransom note. Here are some of the registry keys probably targeted by Dr.Jimbo:
The encryption process used by Dr.Jimbo may be taken from other ransomware viruses. As soon as it is activated, the ransomware may start scanning the computer for commonly used file types, for example:
Encrypted files are no longer accessible and the file extension .encrypted is added to them. The same file extension has been reported with other ransomware viruses, such as Crypren and Apocalypse.
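As an added example (not part of the original article), the triage script below inventories files carrying the .encrypted suffix and samples their byte entropy, so files that were only renamed can be told apart from files whose contents were actually encrypted. The function names, the 7.0 bits-per-byte threshold and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

SUFFIX = ".encrypted"  # extension the article reports being appended

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 indicate encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def inventory(root: str, sample_size: int = 65536, threshold: float = 7.0):
    """List every file under root ending in SUFFIX, with its original name,
    the entropy of its first sample_size bytes, and an encrypted/renamed verdict."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SUFFIX):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample_size)
            except OSError:
                continue  # locked or unreadable: skip rather than abort the scan
            ent = shannon_entropy(head)
            findings.append({
                "path": path,
                "original_name": name[:-len(SUFFIX)],
                "entropy": round(ent, 2),
                "looks_encrypted": ent >= threshold,  # assumed cut-off
            })
    return sorted(findings, key=lambda f: f["path"])

def demo():
    """Constructed sample tree: one high-entropy file, one merely renamed file."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "report.docx.encrypted"), "wb") as fh:
        fh.write(os.urandom(8192))  # random bytes stand in for ciphertext
    with open(os.path.join(root, "notes.txt.encrypted"), "wb") as fh:
        fh.write(b"plain text, only renamed\n" * 200)
    with open(os.path.join(root, "untouched.txt"), "wb") as fh:
        fh.write(b"not affected\n")
    return inventory(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Because the same extension is reported for other ransomware families, a hit marks an affected file, not the Dr.Jimbo family itself.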
Encrypted files with this extension added to them may look like the following example:
The encryption cipher (algorithm) used to encrypt those files may be one of the following:
After encryption, the ransomware drops the following file so that the user can see it:
The file states the following ransom message:
The domain of the malicious e-mail address strongly suggests that there may be Romanian involvement in the development or the usage of this virus to make a profit at the user’s expense. However, it may be a trick by the cyber-criminals to simply mask their real identity.
The payoff demanded by Dr.Jimbo ransomware is reported to be in the range of 2 to 3 BitCoins, a hefty sum.
Also, although it is not confirmed, Dr.Jimbo ransomware may delete backups and file history from your computer, using the vssadmin command with one of the following parameters:
Remove Dr.Jimbo Ransomware and Try to Restore Encrypted Files
To delete Dr.Jimbo ransomware, we suggest you follow the step-by-step instructions provided after this article. Since the ransomware may create different files and various malicious registry entries, experts advise eradicating it automatically with an advanced anti-malware program for maximum effectiveness.
Direct decryption of your files will not work. You can, however, try some of the methods we have prepared in step “3. Restore Files Encrypted by Dr.Jimbo” below. They are not 100 percent effective, but if you are lucky, haven’t reinstalled Windows or have backups, you may restore some of your files.