Jzqe Ransomware Encrypts Popular File Types
In the analysis of recently discovered malware samples, a variant of the Djvu ransomware, identified as Jzqe, has been detected. Jzqe functions by encrypting files and modifying their file names by adding the ".Jzqe" extension. Additionally, Jzqe is programmed to generate a text document named "_readme.txt," containing a ransom message.
Typically, Djvu ransomware is distributed alongside information-stealing malware such as RedLine or Vidar by malicious actors. To illustrate how Jzqe modifies file names, it changes "1.jpg" to "1.jpg.Jzqe," "2.png" to "2.png.Jzqe," and so on.
The ransom message, delivered by the attackers, provides two email addresses: support@freshmail.top and datarestorehelp@airmail.cc. It strongly urges victims to initiate contact with the cybercriminals within a 72-hour timeframe to prevent an increase in the ransom amount. Initially, the requested payment for the decryption tools is set at $490.
Furthermore, the message emphasizes that recovering the encrypted files is impossible without obtaining the decryption software and a unique key from the attackers. Additionally, it presents an option to decrypt a single file at no cost, with the condition that the chosen file should not contain valuable data.
Jzqe Ransom Note in Full
The complete text of the Jzqe ransom note reads as follows:
ATTENTION!
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-WbgTMF1Jmw
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
restorealldata@firemail.ccReserve e-mail address to contact us:
gorentos@bitmessage.chOur Telegram account:
@datarestoreYour personal ID:
How Can You Protect Your Data from Ransomware Attacks?
Protecting your data from ransomware attacks is crucial in today's digital landscape. Here are several proactive measures you can take to safeguard your data:
Backup Regularly:
Regularly back up your important data to an external hard drive, a secure cloud service, or an offline storage solution. Ensure that your backup is not directly accessible from the system to prevent ransomware from encrypting it.
Use Reliable Security Software:
Install reputable antivirus and anti-malware software to detect and block ransomware before it can infect your system. Keep the security software updated for the latest threat definitions.
Update Software and Operating Systems:
Regularly update your operating system, software applications, and security software. Software updates often include patches for vulnerabilities that could be exploited by ransomware.
Exercise Caution with Email Attachments:
Be cautious when opening email attachments, especially if they are from unknown or unexpected sources. Avoid clicking on links or downloading attachments from suspicious emails.
