Jypo Ransomware Will Lock Your Files & Demand Payment To Get Them Back

Jypo is a type of ransomware that uses encryption to prevent victims from accessing their data, while also renaming files by appending its extension (".jypo") to the filenames. The ransomware is accompanied by a ransom note called "_readme.txt," which instructs targeted individuals to contact the attackers via email within 72 hours to obtain a decryption tool comprising decryption software and a unique key.

Our discovery of Jypo came from analyzing malware samples. Furthermore, our investigation revealed that Jypo belongs to the Djvu ransomware family and may be distributed alongside information stealers such as RedLine and Vidar.

Jypo's ransom note contains two email addresses for contacting the attackers: support@freshmail.top and datarestorehelp@airmail.cc. The note also indicates that victims are allowed to send one encrypted file for free decryption, provided the file is less than 1 MB in size and does not contain important information. If the time limit of 72 hours elapses, the cost of the decryption tools increases from $490 to $980. Jypo renames files by adding the ".jypo" extension to the original file name. For example, "1.jpg" becomes "1.jpg.jypo" and "2.png" becomes "2.png.jypo".
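The indicators described above (the ".jypo" suffix, the "_readme.txt" note name and the two contact addresses) are enough for a read-only triage of a directory tree to gauge how far encryption has reached. The following Python script is an added example, not part of the original article or any vendor tool; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".jypo"  # indicators below are taken from the article text
NOTE_NAME = "_readme.txt"
NOTE_CONTACTS = ("support@freshmail.top", "datarestorehelp@airmail.cc")


def is_jypo_note(path):
    """True if the file cites one of the contact addresses from the ransom note."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(64 * 1024).lower()  # notes are small; cap the read
    except OSError:
        return False
    return any(addr in text for addr in NOTE_CONTACTS)


def triage(root):
    """Walk root read-only and summarise Jypo artefacts."""
    report = {"encrypted": [], "notes": [], "original_types": Counter(), "intact": 0}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                original = name[: -len(ENCRYPTED_EXT)]  # "1.jpg.jypo" -> "1.jpg"
                report["encrypted"].append(full)
                report["original_types"][os.path.splitext(original)[1].lower()] += 1
            elif name.lower() == NOTE_NAME and is_jypo_note(full):
                report["notes"].append(full)
            else:
                report["intact"] += 1  # includes unrelated files named _readme.txt
    return report


def build_sample_tree(root):  # constructed sample data, not real encrypted content
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("1.jpg.jypo", "2.png.jypo", "docs/plan.docx.jypo", "docs/notes.txt"):
        open(os.path.join(root, rel), "w").close()
    with open(os.path.join(root, "_readme.txt"), "w") as fh:
        fh.write("ATTENTION!\nsupport@freshmail.top\n")
    with open(os.path.join(root, "docs", "_readme.txt"), "w") as fh:
        fh.write("Project readme, unrelated to any ransom note.\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

Matching the note on its contact addresses as well as its file name keeps an ordinary "_readme.txt" from being counted as a ransom note.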

Jypo Uses Typical Djvu Ransom Note Template

The full Jypo ransom note reads as follows:

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-fkW8qLaCVQ
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:

How Can Ransomware Like Jypo Spread?

Ransomware like Jypo can spread through various means, including phishing emails, malvertising, exploit kits, and remote desktop protocol (RDP) attacks. One common method is through phishing emails, where attackers craft emails that appear to be legitimate and urge the recipient to click on a link or download an attachment. The link or attachment may contain the ransomware payload, which installs itself on the victim's computer once clicked or downloaded.

Malvertising involves placing malicious ads on legitimate websites that can redirect users to a website that distributes the ransomware. Exploit kits exploit vulnerabilities in software or operating systems to install the ransomware without the user's knowledge.

RDP attacks occur when attackers gain unauthorized access to a computer through an unsecured RDP connection. Attackers can use brute-force techniques to guess weak passwords or buy them on the dark web to gain access.

Once ransomware like Jypo infects a computer, it can quickly spread to other devices on the same network or connected to the same cloud services. It can also encrypt files on removable drives, such as USB sticks, making them inaccessible.

Overall, ransomware like Jypo can spread through multiple attack vectors, making it crucial for individuals and organizations to implement strong security measures, including regular backups and keeping software and systems up-to-date with the latest security patches.

March 27, 2023