Remove Dr. Jimbo Ransomware and Restore .encrypted Files - How to, Technology and PC Security Forum


A new file-encrypting malware named Dr.Jimbo has been observed encoding user data and appending the .encrypted file extension to the encoded files. The ransomware uses a sophisticated encryption algorithm that alters the bytes of the files, making them inaccessible. Dr.Jimbo is not likely to spread on a massive scale in the future, but if you have been infected with this ransom virus, we strongly advise you to read this article to learn how to remove it and try restoring your files without paying the 2 BTC demanded by the cyber-criminals behind Dr.Jimbo.

Threat Summary

Short Description: The ransomware encrypts files with an immensely strong cipher and asks a ransom payment for decryption.
Symptoms: Files are enciphered and become inaccessible. A text file with ransom instructions is added.
Distribution Method: Spam emails, email attachments, file-sharing networks.

Dr.Jimbo – How Does It Infect Users

To complete an infection, Dr.Jimbo ransomware has to connect successfully to the cyber-criminals' malicious server. To do this, it may use a malicious executable dropped by a Trojan.Downloader, which can be disguised as:

  • E-mail attachment.
  • Fake setups of programs.
  • Fake game cracks or key generators.

Other attack methods may also be used, usually in combination with malicious URLs posted online or in spam messages:

  • Exploit kit attacks.
  • JavaScript attacks.

Dr.Jimbo – More About The Ransomware

After it slips past the defenses of the victim PC, most likely with the help of obfuscators, Dr.Jimbo may create malicious files in some of the following Windows folders:

  • %AppData%
  • %Roaming%
  • %Desktop%
  • %Temp%
  • %User’s Profile%

After creating the malicious files, Dr.Jimbo ransomware may also create registry entries so that one or more of those files run every time Windows starts, and change the wallpaper of the infected computer to one showing a ransom note. The following registry key is a likely target for Dr.Jimbo:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
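A defender's first check after such an infection is whether anything in the Run key starts from one of the user-writable folders listed above. The following script is an added example, not code from the original article: it audits Run-key style entries (value name mapped to command line) and flags programs launched from %AppData%, %Temp%, the Desktop or the user profile. The environment values, the user name "alice" and the Run-key entries are constructed for the demonstration; `read_run_entries_live()` is an optional Windows-only helper that reads the real keys through the standard `winreg` module.

```python
"""Audit Windows autorun (Run key) entries for programs that launch from
user-writable folders. Added example with CONSTRUCTED data; not code from the
original page."""
import os
import re

# Constructed environment for a hypothetical user "alice". On a live host,
# pass os.environ instead (it already carries USERPROFILE, APPDATA and TEMP).
SAMPLE_ENV = {
    "USERPROFILE": r"C:\Users\alice",
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
}

# Constructed Run-key values (value name -> command line) shaped like the
# contents of HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
SAMPLE_RUN_ENTRIES = {
    "SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
    "Adobe ARM": r'"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"',
    "WinUpdater": r'"%AppData%\svchost.exe" -s',
    "Notes": r"C:\Users\alice\AppData\Local\Temp\updater.exe /quiet",
}

_ENV_VAR = re.compile(r"%([^%]+)%")
_IMAGE_EXT = r"\.(?:exe|scr|com|bat|cmd|vbs|js|dll)"


def expand_env(path, env):
    """Expand %VAR% tokens from the given mapping; unknown names are left as-is."""
    lookup = {k.upper(): v for k, v in env.items()}
    return _ENV_VAR.sub(lambda m: lookup.get(m.group(1).upper(), m.group(0)), path)


def extract_image_path(command):
    """Return the program part of a Run-key command line, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted: stop at the first executable-looking extension so that paths
    # containing spaces (C:\Program Files\...) are kept whole.
    m = re.match(r"(.*?" + _IMAGE_EXT + r")(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def _norm(path):
    """Case-insensitive, backslash-only form for prefix comparison."""
    return path.replace("/", "\\").lower().rstrip("\\")


def user_writable_roots(env):
    """Folders the article names as drop locations: %AppData%, %Temp%, the
    Desktop and the user profile (most specific first)."""
    profile = env["USERPROFILE"]
    return [_norm(p) for p in (env["APPDATA"], env["TEMP"], profile + r"\Desktop", profile)]


def audit_run_entries(entries, env=SAMPLE_ENV):
    """Return (value_name, image_path, matched_root) for each entry whose program
    lives under a user-writable folder. Hits are leads for review, not verdicts:
    some legitimate per-user installers also start from the profile."""
    findings = []
    roots = user_writable_roots(env)
    for name, command in entries.items():
        image = _norm(expand_env(extract_image_path(command), env))
        for root in roots:
            if image.startswith(root + "\\"):
                findings.append((name, image, root))
                break
    return findings


def read_run_entries_live():
    """Windows only: read the HKLM and HKCU Run keys via the standard winreg module."""
    import winreg
    entries = {}
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            key = winreg.OpenKey(hive, r"Software\Microsoft\Windows\CurrentVersion\Run")
        except OSError:
            continue
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:
                break
            entries[name] = str(data)
            index += 1
    return entries


if __name__ == "__main__":
    for name, image, root in audit_run_entries(SAMPLE_RUN_ENTRIES):
        print(f"REVIEW {name!r}: {image} (under {root})")
```

On a real host, call `audit_run_entries(read_run_entries_live(), os.environ)`; the two constructed entries that start from %AppData% and %Temp% are the ones reported, while the System32 and Program Files entries pass.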

The encryption routine used by Dr.Jimbo may be borrowed from other ransomware viruses. As soon as it is activated, the ransomware may start scanning the computer for commonly used file types, for example:


Encrypted files are no longer accessible, and the .encrypted file extension is appended to them. This same extension has been reported with other ransomware families, such as the Crypren and Apocalypse viruses.
An encrypted file with this extension appended may look like the following example:

Important Excel Document.xls.encrypted
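Because the original file name survives under the appended marker, the scope of an infection can be measured without touching the file contents. The script below is an added example, not part of the original article: it walks a directory tree, counts files carrying the .encrypted marker by their original extension, and records every folder that holds the How_to_decrypt.txt ransom note. The directory layout it builds is constructed in a temporary folder purely for the demonstration.

```python
"""Scope a .encrypted infection read-only: count encrypted files by original
extension and locate ransom notes. Added example; the sample tree is CONSTRUCTED."""
import os
import tempfile
from collections import Counter

MARKER = ".encrypted"          # extension the article reports being appended
NOTE_NAME = "How_to_decrypt.txt"  # ransom note name the article reports


def original_name(filename, marker=MARKER):
    """'Important Excel Document.xls.encrypted' -> ('Important Excel Document.xls', 'xls').
    Returns None when the file does not carry the marker."""
    if not filename.lower().endswith(marker):
        return None
    stem = filename[: -len(marker)]
    ext = stem.rsplit(".", 1)[1].lower() if "." in stem else ""
    return stem, ext


def triage(root, marker=MARKER, note_name=NOTE_NAME):
    """Walk `root` without modifying anything and summarise the damage."""
    encrypted = []
    note_dirs = []
    by_ext = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name == note_name:
                note_dirs.append(dirpath)
            parsed = original_name(name, marker)
            if parsed:
                encrypted.append(os.path.join(dirpath, name))
                by_ext[parsed[1]] += 1
    return {
        "encrypted_count": len(encrypted),
        "by_extension": dict(by_ext),
        "note_dirs": sorted(note_dirs),
        "encrypted_files": sorted(encrypted),
    }


def build_sample_tree():
    """Create a CONSTRUCTED victim-like profile in a temp folder; returns its path."""
    root = tempfile.mkdtemp(prefix="drjimbo_sample_")
    layout = {
        "Documents": ["Important Excel Document.xls.encrypted", "budget.xlsx.encrypted", NOTE_NAME],
        "Pictures": ["holiday.jpg.encrypted", NOTE_NAME],
        "Downloads": ["readme.txt"],  # untouched file, must not be counted
    }
    for sub, names in layout.items():
        folder = os.path.join(root, sub)
        os.makedirs(folder)
        for name in names:
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(b"constructed placeholder content")
    return root


if __name__ == "__main__":
    report = triage(build_sample_tree())
    print(f"{report['encrypted_count']} encrypted files: {report['by_extension']}")
    print("ransom notes in:", *report["note_dirs"], sep="\n  ")
```

The report tells an incident responder which folders (and which data types) were reached before the malware stopped; stripping the marker from a name does not recover the contents, so the script deliberately never renames or writes anything.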

The encryption cipher (algorithm) used to encrypt those files may be one of the following:

  • RSA
  • AES
  • XOR

After encryption, the ransomware drops the following file so that the user can see it:

  • How_to_decrypt.txt

The file states the following ransom message:

    All your data was Encrypted!
    If you wanna get it back contact via email:
    WARNING: If you don’t contact next 48 hours, then all DATA will be damaged unrecoverably!!!

The domain of the malicious e-mail address strongly suggests that there may be Romanian involvement in the development or use of this virus to profit at the user’s expense. However, it may also be a trick by the cyber-criminals to mask their real identity.

The payoff demanded by Dr.Jimbo ransomware is reported to be in the range of 2 to 3 Bitcoins – a hefty sum.

Also, even though it is not confirmed, Dr.Jimbo ransomware may delete backups and file history from your computer using the vssadmin command with one of the following parameters:

  • Specifies the volume for which the shadow copy is to be deleted.
  • /oldest – Deletes the oldest shadow copy.
  • /all – Deletes all shadow copies of a volume, for example C:
  • /shadow={ID} – Deletes the shadow copy with the given ID.
  • /quiet – Quiet mode, so the command runs without displaying messages.
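Shadow-copy deletion is one of the few ransomware behaviours that leaves a clean process-creation trail, so it is worth a detection rule. The following is an added example rather than code from the article: it parses simplified process-creation log lines, keeps only `vssadmin delete shadows` invocations, extracts the parameters listed above and rates the event higher when `/all` or `/quiet` is present or when the parent process started from a user-writable folder such as %AppData%. The log format (one `key=value` event per line) and all five events are constructed; real telemetry such as Windows event 4688 or Sysmon event 1 carries the same fields under different names.

```python
"""Flag shadow-copy deletion via vssadmin in process-creation logs.
Added example; the log lines below are CONSTRUCTED in a simplified key=value
shape (one event per line) and are not real telemetry."""
import re

SAMPLE_EVENTS = [
    r'2016-06-20T10:11:58Z host=PC01 user=admin image=C:\Windows\System32\vssadmin.exe parent=C:\Windows\System32\cmd.exe cmdline="vssadmin list shadows"',
    r'2016-06-20T10:12:01Z host=PC01 user=alice image=C:\Windows\System32\vssadmin.exe parent=C:\Users\alice\AppData\Roaming\svchost.exe cmdline="vssadmin delete shadows /all /quiet"',
    r'2016-06-20T10:15:40Z host=PC02 user=admin image=C:\Windows\System32\vssadmin.exe parent=C:\Windows\System32\cmd.exe cmdline="vssadmin.exe Delete Shadows /For=C: /Oldest"',
    r'2016-06-20T10:16:02Z host=PC02 user=admin image=C:\Windows\System32\vssadmin.exe parent=C:\Windows\explorer.exe cmdline="vssadmin delete shadows /shadow={00000000-1111-2222-3333-444444444444}"',
    r'2016-06-20T10:17:30Z host=PC01 user=alice image=C:\Windows\System32\notepad.exe parent=C:\Windows\explorer.exe cmdline="notepad How_to_decrypt.txt"',
]

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Folder markers the article names as drop locations for the malicious files.
_USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\desktop\\")


def parse_event(line):
    """Split one constructed log line into a dict; the leading token is the time."""
    fields = {k: v.strip('"') for k, v in _KV.findall(line)}
    fields["time"] = line.split(" ", 1)[0]
    return fields


def classify_vssadmin(event):
    """Return a finding dict for a 'vssadmin delete shadows' event, else None."""
    image = event.get("image", "").rsplit("\\", 1)[-1].lower()
    if image != "vssadmin.exe":
        return None
    tokens = event.get("cmdline", "").lower().split()
    if "delete" not in tokens or "shadows" not in tokens:
        return None
    params = [t for t in tokens if t.startswith("/")]
    parent = event.get("parent", "").lower()
    # /all or /quiet, or a parent started from a user-writable folder, are the
    # patterns least consistent with an administrator's routine housekeeping.
    reasons = []
    if "/all" in params:
        reasons.append("all shadow copies targeted")
    if "/quiet" in params:
        reasons.append("quiet mode")
    if any(marker in parent for marker in _USER_WRITABLE):
        reasons.append("parent launched from user-writable folder")
    return {
        "time": event.get("time"),
        "host": event.get("host"),
        "user": event.get("user"),
        "parent": event.get("parent"),
        "params": params,
        "severity": "high" if reasons else "medium",
        "reasons": reasons,
    }


def scan_events(lines):
    """Run the classifier over every line and keep only the findings."""
    findings = []
    for line in lines:
        finding = classify_vssadmin(parse_event(line))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"{f['severity'].upper():6} {f['time']} {f['host']} {f['user']} "
              f"params={f['params']} reasons={f['reasons'] or ['deletion']}")
```

Every deletion is reported, because legitimate use of `vssadmin delete shadows` is rare enough on workstations to deserve a look; the `/all /quiet` event launched from a binary under %AppData% is the one that most resembles ransomware and is rated high, while the `/for=C: /oldest` and `/shadow={ID}` events from an administrator's shell stay at medium.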


Remove Dr.Jimbo Ransomware and Try to Restore Encrypted Files

To delete Dr.Jimbo ransomware, we suggest you follow the step-by-step instructions provided after this article. Since the ransomware may create various files and malicious registry entries, experts advise removing it automatically with an advanced anti-malware program for maximum effectiveness.

To restore your files, direct decryption will not work. You can, however, try some of the methods we have prepared in step “3. Restore Files Encrypted by Dr.Jimbo” below. They are not 100 percent effective, but if you are lucky, have not reinstalled Windows, or have backups, you may restore some of your files.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
