What is JerryRansom Ransomware?
JerryRansom ransomware, derived from the Chaos ransomware, poses a significant threat to computer systems. This malicious software encrypts files, alters desktop settings, and demands ransom from victims for file decryption.
Encryption and Ransom Note
Upon infiltration, JerryRansom encrypts files and appends random characters to their filenames, making them inaccessible. A ransom note, named "Read_me.txt," is left behind, detailing the attack and demanding a ransom of $11.03 in Bitcoins for file decryption.
The JerryRansom ransom note reads like the following:
-----------------Ваша ОС атакована!-----------------
Здравствуйте, жертва. Ваши файлы были зашифрованы вымогателем JerryRansom
Чтобы расшифровать файлы, вам необходимо заплатить 11,03$ в биткоинах.
BitCoin-кошелек:17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV
После оплаты, напишите мне на электронную почту:jerryjobransom@gmail.com
-----------------Your OS has been attacked!-----------------
Hello, victim. Your files were encrypted by the Jerry Ransom ransomware
To decrypt the files, you need to pay $11.03 in bitcoins.
BitCoin Wallet:17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV
After payment, write to me by e-mail:jerryjobransom@gmail.com
-----------------Что случилось с моим устройством?-----------------
Ваша операционная система была атакована вымогателям JerryRansom. Все ваши файлы зашифрованы. Инструкция по расшифровке есть выше.
-----------------What happened to my device?-----------------
Your operating system has been attacked by the JerryRansom ransomware. All your files are encrypted. The decryption instructions are above.
Communication with Attackers
Victims are instructed to contact the attacker via email to arrange payment and decryption. The note is written in both Russian and English, indicating a wide target audience.
Paying the ransom is discouraged as there's no guarantee of file recovery. Instead, victims are advised to explore third-party decryption tools or restore files from backups.
Understanding Ransomware
Ransomware attacks typically involve file encryption, ransom demands in cryptocurrency, and threats of dire consequences for non-compliance. Other examples of ransomware include Wing, Ldhy, and Fastbackdata.
Infection Methods
Ransomware spreads through phishing emails, compromised websites, pirated software, or software vulnerabilities. Interacting with malicious links or attachments initiates the infection process.
Protecting Against Infections
Regularly updating software, practicing caution with email attachments, and avoiding suspicious websites are crucial preventive measures. Using official sources for downloads and refraining from pirated software minimize infection risks.
Removal and Recovery
If infected, promptly scan your system with anti-malware software to remove the ransomware. Maintaining backups and staying vigilant against future threats are essential for comprehensive protection.
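To decide which folders need restoring from backup, the two indicators described above (the "Read_me.txt" note and the renamed files) can be checked with a short triage script. This is an added example, not code from the original page; the extension lists, the helper names and the assumption that the random characters form an extra suffix after the original extension are illustrative.

```python
import os
import re
import tempfile
from pathlib import Path

NOTE_NAME = "read_me.txt"  # note name given on the page, compared case-insensitively
NOTE_MARKERS = ("jerryransom", "jerryjobransom@gmail.com")  # strings quoted in the note
# Assumption: the random characters are appended as an extra suffix after the
# original extension (e.g. report.docx.x7qa); the page does not give the exact form.
KNOWN_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".zip"}
BENIGN_SUFFIXES = {".bak", ".tmp", ".old", ".gz"}  # common legitimate double extensions
SUFFIX_RE = re.compile(r"\.[A-Za-z0-9]{2,8}")

def is_ransom_note(path):
    """True if the file is named like the note and contains a marker string."""
    if path.name.lower() != NOTE_NAME:
        return False
    text = path.read_bytes()[:8192].decode("utf-8", errors="ignore").lower()
    return any(marker in text for marker in NOTE_MARKERS)

def looks_renamed(name):
    """True for names like invoice.pdf.k3zq: known extension plus an unknown suffix."""
    stem, last = os.path.splitext(name.lower())
    inner = os.path.splitext(stem)[1]
    if inner not in KNOWN_EXTS or last in KNOWN_EXTS | BENIGN_SUFFIXES:
        return False
    return SUFFIX_RE.fullmatch(last) is not None

def triage(root):
    """Map each directory holding a matching note to its renamed-looking files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        if any(is_ransom_note(Path(dirpath, f)) for f in files):
            hits[dirpath] = sorted(f for f in files if looks_renamed(f))
    return hits

def build_sample(root):
    """Constructed sample tree: one affected folder and one clean folder."""
    note = "Your operating system has been attacked by the JerryRansom ransomware."
    layout = {"docs": {"Read_me.txt": note, "report.docx.x7qa": "",
                       "photo.jpg.9fk2": "", "notes.txt.bak": ""},
              "clean": {"Read_me.txt": "Project readme", "budget.xlsx": ""}}
    for folder, files in layout.items():
        Path(root, folder).mkdir(parents=True)
        for name, body in files.items():
            Path(root, folder, name).write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

A folder is reported only when its "Read_me.txt" actually contains a marker string, so an ordinary project readme with the same name does not trigger a hit.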