Jopanaxye Ransomware Threatens Extortion


Jopanaxye is a ransomware variant belonging to the Phobos family, identified through an examination of malicious files. It encrypts files and appends the victim's ID, the email address jopanaxye@tutanota.com, and the ".jopanaxye" extension to each filename. It also drops two ransom notes, "info.txt" and "info.hta".

As an illustration of Jopanaxye's file renaming process, it transforms "1.jpg" into "1.jpg.id[9ECFA84E-3511].[jopanaxye@tutanota.com].jopanaxye", and similarly alters "2.png" to "2.png.id[9ECFA84E-3511].[jopanaxye@tutanota.com].jopanaxye", and so on.
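The renaming scheme above can be turned into a triage check over a file listing. The following is an added example, not code from the original article: the function names (`parse_renamed`, `summarize`) are hypothetical, the sample listing is constructed from the two filenames quoted above, and the loose matching of the ID and email fields is an assumption, since the page shows only one victim ID.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Shape taken from the two renamed files quoted above:
#   <original name>.id[<victim ID>].[<contact email>].jopanaxye
# ID and email are matched loosely (anything up to the closing bracket);
# that looseness is an assumption, not something the page specifies.
RENAMED = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[^\[\]]+)\]"
    r"\.\[(?P<email>[^\[\]\s]+@[^\[\]\s]+)\]\.jopanaxye$",
    re.IGNORECASE,
)

class Hit(NamedTuple):
    original: str
    victim_id: str
    email: str

def parse_renamed(name: str) -> Optional[Hit]:
    """Return the parts of a renamed file, or None if the name does not match."""
    base = re.split(r"[\\/]", name)[-1]  # accept Windows or POSIX paths
    m = RENAMED.match(base)
    return Hit(m["original"], m["victim_id"], m["email"]) if m else None

def summarize(listing):
    """Group original filenames by victim ID so triage sees the scope per ID."""
    by_id = defaultdict(list)
    for path in listing:
        hit = parse_renamed(path)
        if hit:
            by_id[hit.victim_id].append(hit.original)
    return dict(by_id)

# Constructed sample listing (not real telemetry).
SAMPLE = [
    "1.jpg.id[9ECFA84E-3511].[jopanaxye@tutanota.com].jopanaxye",
    r"C:\Share\2.png.id[9ECFA84E-3511].[jopanaxye@tutanota.com].jopanaxye",
    "info.txt",       # ransom note name from the page, not an encrypted file
    "budget.xlsx",    # untouched file
    "old.jopanaxye",  # extension alone lacks the id/email marker
]

if __name__ == "__main__":
    for victim_id, files in summarize(SAMPLE).items():
        print(victim_id, len(files), files)
```

Matching on the full `.id[...].[...]` marker rather than the extension alone also recovers the original filename, which helps when mapping affected files against backups.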

The ransom note claims that the attackers have gained access to sensitive information, encompassing data on employees, customers, partners, accounting records, and internal documentation. The note delineates potential repercussions for non-compliance, highlighting the risk of selling the pilfered data on the black market.

The attackers provide contact details, including specifics for a designated messenger app. The note attempts to pressure the victim into paying for decryption tools, promising that the stolen data will be deleted once payment is received.

Furthermore, the note cautions against involving law enforcement, third-party negotiators, or utilizing decryption software, asserting that such actions may exacerbate the situation. The attackers propose a discounted rate if the victim reaches out within the initial six hours and concludes the transaction within 24 hours.

Jopanaxye Ransom Note Lists Multiple Communication Channels

The complete text of the ransom note produced by Jopanaxye reads as follows:

ATTENTION

Your network is hacked and files are encrypted.
Including the encrypted data we also downloaded other confidential information: data of your employees, customers, partners, as well as accounting and other internal documentation of your company.
About Data
All data is stored until you will pay.
After payment we will provide you the programs for decryption and we will delete your data
We dont want did something bad to your company, it is just bussines (Our reputation is our money!)
If you refuse to negotiate with us (for any reason) all your data will be put up for sale.
What you will face if your data gets on the black market:
The personal information of your employees and customers may be used to obtain a loan or purchases in online stores.
You may be sued by clients of your company for leaking information that was confidential.
After other hackers obtain personal data about your employees, social engineering will be applied to your company and subsequent attacks will only intensify.
Bank details and passports can be used to create bank accounts and online wallets through which criminal money will be laundered.
You will forever lose the reputation.
You will be subject to huge fines from the government.
You can learn more about liability for data loss here: hxxps://en.wikipedia.org/wiki/General_Data_Protection_Regulationor here hxxps://gdpr-info.eu
Courts, fines and the inability to use important files will lead you to huge losses. The consequences of this will be irreversible for you.
Contacting the police will not save you from these consequences, and lost data, will only make your situation worse.
How to contact us
Write us to the mails: jopanaxye@tutanota.com
You can contact our online operator in telegram: @GROUNDINGCONDUCTOR (BE CAREFUL ABOUT FAKE)
Download the (Session) messenger https://getsession.org in messenger :ID"05bc5e20c9c6fbfd9a58bfa222cecd4bbf9b5cf4e1ecde84a0b8b3de23ce8e144e"
Write this ID in the title of your message -
IF YOU WILL CONTACT US IN FIRST 6 hours , and we close our deal in 24 hours , PRICE WILL BE ONLY 30%.
(time is money for both of us , if you will take care about our time , we will do same , we will care of price and decryption process will be done VERY FAST)
ALL DOWNLOADED DATA WILL BE DELETED after payment.
What no to do and recomendation
You can get out of this situation with minimal losses (Our reputation is our money!) !!! To do this you must strictly observe the following rules:
DO NOT Modify, DO NOT rename, DO NOT copy, DO NOT move any files. Such actions may DAMAGE them and decryption will be impossible.
DO NOT use any third party or public decryption software, it may also DAMAGE files.
DO NOT Shutdown or Reboot the system this may DAMAGE files.
DO NOT hire any third party negotiators (recovery/police, etc.) You need to contact us as soon as possible and start negotiations.
You can send us 1-2 small data not value files for test , we will decrypt it and send it to you back.
After payment we need no more that 2 hours to decrypt all of your data. We will be support you untill fully decryption going to be done! ! ! (Our reputation is our money!)

How Can Ransomware Similar to Jopanaxye Enter Your System?

Ransomware, including variants similar to Jopanaxye, can enter your system through various means. Here are common methods through which ransomware may infiltrate a system:

Phishing Emails: Attackers often use phishing emails to distribute ransomware. These emails may contain malicious attachments or links that, when clicked, initiate the download and execution of the ransomware on the victim's system.

Malicious Websites: Visiting compromised or malicious websites can expose your system to drive-by downloads or exploit kits, which can silently install ransomware without your knowledge or consent.

Malvertising: Cybercriminals may use online advertisements to spread ransomware. Clicking on a malicious ad can lead to the download and installation of ransomware on your computer.

Exploiting Software Vulnerabilities: Ransomware can exploit vulnerabilities in your operating system or installed software. It's crucial to keep your system and applications up-to-date with the latest security patches to minimize the risk of exploitation.

Malicious Downloads: Downloading files from untrusted or suspicious sources, such as cracked software or pirated content, increases the risk of downloading ransomware along with the desired files.

Social Engineering Tactics: Attackers may use social engineering techniques to trick individuals into downloading and executing malicious files. This could include enticing users with fake software updates, free applications, or other seemingly harmless downloads.

January 9, 2024