Jazi Ransomware Will Encrypt Your Files
Jazi, identified through analysis of new file samples, functions as ransomware once it infiltrates a system. Upon infiltration, it encrypts files, adds the ".jazi" extension to filenames, and leaves a ransom note labeled "_readme.txt." An illustrative example of the file renaming process includes transforming "1.jpg" into "1.jpg.jazi," "2.png" into "2.png.jazi," and so forth.
It's crucial to emphasize the connection between Jazi and the Djvu ransomware family. Notably, cyber threat actors have been observed deploying ransomware from this family simultaneously with information stealers.
The ransom note tells the victim that their data and files, including images and documents, have undergone encryption. The attackers propose purchasing a decryption tool and a unique key to recover the files. They offer to decrypt one file for free as a demonstration of their capability, provided it's not crucial data.
The ransom amount is $980, but there's a 50% discount if the victim contacts the cybercriminals within 72 hours, reducing the sum to $490. The message warns that data recovery is impossible without payment and provides the email addresses support@freshmail.top and datarestorehelpyou@airmail.cc for communication.
Jazi Ransom Note in Full
The complete text of the Jazi ransom note reads as follows:
ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-iu965qqEb1
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@freshmail.topReserve e-mail address to contact us:
datarestorehelpyou@airmail.ccYour personal ID:
How is Ransomware Like Jazi Distributed Online?
Ransomware like Jazi is typically distributed online through various tactics and vectors. Some common methods include:
- Phishing Emails: Cybercriminals often use phishing emails to distribute ransomware. These emails may contain malicious attachments or links that, when clicked, download and execute the ransomware on the victim's system. The content of these emails is crafted to deceive the recipient into taking actions that lead to the installation of the ransomware.
- Malicious Websites: Visiting compromised or malicious websites can also result in the download and installation of ransomware. This can happen through drive-by downloads, where malware is automatically downloaded and executed when a user visits a compromised website without their knowledge.
- Malvertising: Malicious advertising, or malvertising, involves placing malicious code in online ads. When users click on these ads or visit websites displaying them, the malware is delivered to their systems. Ransomware distributors may use malvertising to spread their malicious software.
- Exploit Kits: Exploit kits are tools used by attackers to exploit vulnerabilities in software. If a user's system has outdated software with known vulnerabilities, an exploit kit can be used to deliver and execute ransomware. Regular software updates and patches are crucial for protecting against this type of attack.
- Watering Hole Attacks: In watering hole attacks, cybercriminals compromise websites that are frequently visited by their target audience. When users visit these sites, they may unknowingly download ransomware onto their systems.
