Jycx Ransomware is a Djvu Threat Family Member Looking To Encrypt Your Files
In the course of our investigation, we uncovered Jycx, a type of ransomware that utilizes file encryption and modifies file names by appending the ".jycx" extension. Additionally, it creates a ransom note file named "_readme.txt". Our team discovered Jycx when examining various malware samples.
For instance, Jycx modifies file names by adding the ".jycx" extension to the original names, such as changing "1.jpg" to "1.jpg.jycx" and "2.png" to "2.png.jycx", among others. It is noteworthy that Jycx belongs to the Djvu ransomware family, which is commonly distributed in conjunction with RedLine, Vidar, and other information stealers.
The ransom note contains two email addresses (support@freshmail.top and datarestorehelp@airmail.cc) and advises victims to contact the attackers within 72 hours to avoid paying a higher ransom of $980 for decryption tools rather than the initial amount of $490.
Moreover, the ransom note claims that the encrypted files cannot be restored without purchasing decryption software and a unique key from the attackers. Additionally, the ransom note offers free decryption of a single file, which cannot contain essential data. Given these details, it is likely that Jycx will continue to be a threat for some time.
Jycx Promises "Free" Decryption in Ransom Note
The full Jycx ransom note reads as follows:
ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-fkW8qLaCVQ
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@freshmail.topReserve e-mail address to contact us:
datarestorehelp@airmail.ccYour personal ID:
How is Ransomware Like Jycx Usually Distributed?
Ransomware like Jycx can be distributed through various means, including email phishing campaigns, malicious software downloads, or exploitation of unpatched software vulnerabilities. In some cases, attackers may use social engineering tactics, such as disguising the ransomware as a legitimate software update or a security patch. Another common method of distribution is through malicious websites or malvertising, where attackers inject malicious code into legitimate websites or advertisements.
It's important to practice good cybersecurity hygiene, such as regularly updating software, being cautious of email attachments, and using antivirus and anti-malware software, to reduce the risk of falling victim to ransomware attacks.
