The JungleSec virus is a new ransomware that has been discovered in a worldwide attack. The discovered infections have been found on Linux systems and using a strong cipher victim data is affected. The files are renamed with the [email protected] extension.
|Short Description||The ransomware encrypts sensitive information on your computer system with the [email protected] extensions and demands a ransom to be paid to allegedly recover them.|
|Symptoms||The ransomware will encrypt your files with a strong encryption algorithm.|
|Distribution Method||Spam Emails, Email Attachments|
|Detection Tool|| See If Your System Has Been Affected by JungleSec |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss JungleSec.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
JungleSec Virus – Distribution Ways
The JungleSec Virus is a recently released ransomware threat that has been discovered in a small-size attack campaign. Due to the small number of captured samples the security analysts were not able to pinpoint the main delivery method.
A main delivery method is the use of email messages. The associated JungleSec virus files are either directly attached or hyperlinked in the body contents.
Using counterfeit download sites the criminals behind the JungleSec virus can use them to spread the files or any infected payloads. They can be application installers that are taken from their official vendor sites and modified to include the virus code. Another form of payload delivery incorporates document files. Using a similar technique the criminal controllers can infect text files, spreadsheets, presentations and databases. Once they are opened by the victims a fortification prompt appears which asks them to enable the built-in scripts (macros). When this is done the infection begins.
Another method that is used to spread the threats is the virus inclusion in data shared over file sharing networks such as BitTorrent. The JungleSec virus infection can also be instituted via browser hijackers. They represent malicious browser plugins that are widely distributed on the repositories of the most famous web browsers. Usually the criminal developers use elaborate descriptions and fake user reviews and credentials. Once they are installed the built-in behavior patterns are started which leads to the virus infection.
JungleSec Virus – In-Depth Analysis
The JungleSec virus has been found to affect Linux systems leading the security researchers to believe that it is not based on any of the well-known ransomware families. The small number of collected samples have undergone a basic code analysis which confirms that the threat is entirely made by its creators.
At the moment detailed information is not available yet about the actual behavior pattern. It is possible that it incorporates the same common components in a different way.We anticipate that the JungleSec virus strains may be customized for each individual hacker campaign.
In these cases the hackers can utilize the same well-known modules. One of them is the data gathering which can be programmed to harvest sensitive data about the victims. The built-in algorithms can retrieve the user’s name, address, telephone number, interests, location, passwords and etc. As such the harvested information can be used for financial crimes and identity abuse.
Apparently some kind of stealth protection mechanism is also enforced. It is able to protect itself from the system and any security software that can attempt to remove the active infections. The list includes all kinds of anti-virus products, sandbox environments and virtual machine hosts.
Following the infections it is possible that the JungleSec virus is capable of modifying the infected host by changing the system configuration files. Examples of modifications include the following:
- System Services Sequence Changes
- User Configuration Changes
- Package Installation/Uninstallation
- Changes to the Graphical and Text Interfaces
Releases of the JungleSec virus that target the Windows operating system can act against the Windows Registry. Changes to entries belonging to the operating system can lead to severe performance issues. Changes to registry entries belonging to individual applications or services can render certain functions inaccessible.
We anticipate that if the attack campaigns are succesful the virus engine can be modified to include even more dangerous components. An example would be a Trojan module which can create a secure connection to hacker-controlled servers. They can be used deliver additional threats, overtake control of the victim machines or spy on the victims in real time.
JungleSec Virus -Encryption
The ransomware engine is started once all previous components have finished execution. It uses a strong cipher in order to affect sensitive user data based on a built-in list of target data. An example list can target the following files:
All victim files are renamed with the [email protected] extension and the associated ransomware note is written in a file called ENCRYPTED.md that reads the following message:
mmm m m mm m mmm m mmmmmm mmmm mmmmmm mmm
# # # #”m # m” ” # # #” ” # m” ”
# # # # #m # # mm # #mmmmm “#mmm #mmmmm #
# # # # # # # # # # “# # #
“mmm” “mmmm” # ## “mmm” #mmmmm #mmmmm “mmm#” #mmmmm “mmm”
What happen to my data ?
Your data are encrypted. If you try to bruteforce, change the path, the name or do anything that can alterate a single byte of a file(s) will result
to a fail of the recovery process, meaning your file(s) will be loss for good.
How can I retrieve them ?
– To known the process, you must first send 0.3 bitcoin to the following address : 1Jj129L3SYjMs9X2F9xMSYZicCPbKrAZmC
– Once the payment made, send your email address to [email protected], do not forget to mention the IP of server/computer
Will you send the process recovery once payment is made ?
– We have no interest to not send you the recovery process if payment was made.
– Once the payment is made, you should receive the recovery process to decrypt your data in less 24 hours
Remove JungleSec Virus and Restore [email protected] Files
If your computer system got infected with the Donut ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.