New ransomware pieces constantly emerge from the depths of cybercrime. Another addition to the ransomware family of threats is JobCrypter. Currently, JobCrypter is attacking users in France via spam emails containing malicious download links and attachments. Continue reading to learn more about JobCrypter and how to remove it from your system.
|Short Description||The ransomware uses a custom encryption algorithm.|
|Symptoms||The victim’s documents, images and videos not larger than 20 megabytes are encrypted.|
|Distribution Method||Via spam email attachments containing ZIP files.|
|Detection Tool||Download Malware Removal Tool, to See If Your System Has Been Affected by JobCrypter Ransomware|
|User Experience||Join our forum to discuss JobCrypter Ransomware.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
JobCrypter Ransomware Distribution Method
The primary method employed for the distribution of JobCrypter is spam email campaigns. The spam emails sent out to victims are reported to contain information about social and political events. A report or a promotional material is attached within the email. If the attachment is executed, the user’s system will be infected with JobCrypter.
A Look inside the Malicious Attachment
As reported by Enigma Software security experts, a ZIP file with a double file extension is attached in the email, containing executables. One of the files within the ZIP is the encrypted JobCrypter .exe, and the other one is a decryptor and installer named deobfuscated.exe.
JobCrypter Ransomware Technical Description
Once the ZIP file is executed, JobCrypter is activated. JobCrypter best fits the description of a Trojan ransomware. The Trojan is observed to register its executable file named FileLocker.exe so that it runs upon system reboot.
JobCrypter Ransomware Encryption
The encryption algorithm used by JobCrypter is custom and is designed to act as a defense against reverse engineering attempts. The ransomware can encrypt documents, images and videos not larger than 20 megabytes. Only files stored on local hard drives appear to be affected. The duration of the encryption process is estimated at a few hours, more or less, depending on the data volume.
Curiously enough, victims of the ransomware could still be able to browse while the encryption is taking place, despite heavy resource consumption. Once the encryption has finished, a program windows is the displayed to the victim, providing information on what has just happened.
JobCrypter Ransomware Ransom Demanded
The creators of JobCrypter demand the purchase of Paysafe cards at the price of 300 Euro in exchange for decryption. Once this is done, the code maps should be sent to one of 3 listed email addresses, with a subject line the computer’s username.
Along with the encryption process, a TXT file, or the ransom note, is dropped in the folders with encrypted files.
JobCrypter Ransomware Removal Options
The easiest way to clean the system of any JobCrypter traces is via using an anti-malware program. We have compiled a helpful and easy-to-follow instructions right below the article.
If you have information about JobCrypter that you would like to share with us and other users, don’t hesitate to drop a comment in our security forums.