Jron Ransomware Homes In On Files For Encryption

ransomware

While examining malware samples submitted to online threat databases, our team discovered a new ransomware strain called Jron, which is a member of the Dharma ransomware family. Jron works by encrypting data, altering file names, presenting a pop-up window, and generating a "info.txt" file containing the ransom demands.

Jron adds a unique ID, the email address "jerd@420blaze.it," and the ".jron" extension to the end of each file name. For example, "1.jpg" becomes "1.jpg.id-9ECFA84E.[jerd@420blaze.it].jron," and so forth.

The ransom note instructs the victim to contact the attacker via email (ronrivest@airmail.cc, ronivest@tutanota.com, or roneast@tuta.io) and includes the unique ID to begin the restoration process. The attacker offers a free decryption service for up to three files, but there are specific limitations on file size and data type. The note also provides instructions on how to purchase Bitcoins to pay the ransom.

The victim is warned not to rename or decrypt the files using third-party software, as this may result in permanent data loss or increased fees.

Jron Ransom Note Follows Dharma Template

The full ransom note used by Jron reads as follows:

All your files have been encrypted!
Don't worry, you can return all your files!
If you want to restore them, write to the mail: ronrivest@airmail.cc (roneast@tuta.io) YOUR ID -

If you have not answered by mail within 12 hours, write to us by another mail:ronivest@tutanota.com

qTOX chat download link:
hxxps://tox.chat/download.html
qTOX chat ID: 67BFA5C82CA08CDD82A2DC14C2A521EA 4FF73E387CF79121B60450808F81395E51807A493878
Free decryption as guarantee:
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 3Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins:
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

What is the Best Way You Can Protect Your Data Against Ransomware Similar to Jron?

Ransomware like Jron can cause significant damage to your data and result in financial losses. To protect your data against this type of malware, you can take the following steps:

  • Back up your data regularly: Regularly back up your data to an external hard drive, cloud storage, or other secure location. This ensures that you have a copy of your important files in case they become encrypted or inaccessible due to ransomware.
  • Use anti-malware software: Install and use anti-malware software that includes real-time scanning and threat detection to help prevent ransomware infections.
  • Keep your software up to date: Make sure to install software updates and security patches as soon as they become available, as these often include fixes for known vulnerabilities that could be exploited by ransomware.
  • Exercise caution when opening emails and attachments: Do not open emails or attachments from unknown or suspicious sources. Be wary of emails with urgent or alarming subject lines and messages that ask you to take immediate action.
  • Enable two-factor authentication: Enable two-factor authentication for all accounts that offer it. This adds an additional layer of security to your accounts and can help prevent unauthorized access.
  • Educate yourself and your employees: Educate yourself and your employees on the risks of ransomware and how to avoid it. Regular training on cybersecurity best practices can help prevent ransomware infections and other cyber threats.
By Zaib
February 22, 2023
Ransomware
English
February 22, 2023
Ransomware

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Ransomware

Snick Ransomware Encrypts Several Files

Snick Ransomware is a dangerous malware threat that comes from the Makop family of malware threats. The actions of Snick Ransomware start with seeking out certain files, encrypting them, and then appending the .snick... Read more

March 3, 2022
Ransomware

Qlln Malware Seeks Personal Files for Encryption Like Other Known Ransomware Threats

Qlln is a malware threat that has ransomware capabilities where it may seek out a vulnerable system by hiding in a spam email attachment. Upon the computer user opening the spam email attachment that’s malicious they... Read more

May 24, 2022
Ransomware

Uyit Ransomware is Yet Another Djvu Clone Targeting Files for Encryption

Uyit is a type of ransomware that encrypts files and adds the ".uyit" extension to filenames. It belongs to the Djvu family of clones. Uyit also drops a "_readme.txt" ransom note file with instructions for victims to... Read more

December 8, 2022
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.