Just Ransomware is a New Dharma Clone That Demands Payment To Encrypt Targeted Files
A new variant of the Dharma ransomware family was spotted in the wild in late November 2022. The new strain is called the Just ransomware.
Just will encrypt files on the victim system and change their names and extensions. The encryption process appends the victim's ID string, the email used by the Just operator and the ".just" string to encrypted files.
This will turn a file formerly called "image.jpg" into "image.jpg.id-STRING.[justdoit@onionmail.org].just".
The encryption process will affect most file extensions, including documents, media files, archives and databases.
Once the ransomware finishes scrambling files, it will drop its ransom demands inside a file called "FILES ENCRYPTED.txt". A longer version of the ransom note is displayed in a pop-up and reads as follows:
YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!
If you want to restore them, follow this link:email justdoit at onionmail dot org YOUR ID -
If you have not been answered via the link within 12 hours, write to us by e-mail:justdoit at msgsafe dot io
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.