
  • ExTS Admin
Posted

New ransomware discovered, currently undecryptable

 

http://img.photobucket.com/albums/v708/starbuck50/cryptojoker-ransomware-will-not-put-a-smile-on-your-face-498387-3_zpsniyc9r3v.jpg

 

A new ransomware family has been discovered, dubbed CryptoJoker after the .crjoker string that it adds at the end of each encrypted file.

 

CryptoJoker is relatively new on the malware market, and according to security researchers from MalwareHunterTeam and Bleeping Computer, it is not actively being distributed at this moment.

 

The ransomware infects users via weaponized PDF files, so the most obvious infection scenarios would be via spam and spear phishing campaigns.

 

CryptoJoker's modus operandi is quite similar to what we've seen from all modern ransomware families, infecting computers, encrypting files using AES-256 encryption, and then showing a popup over the entire area of the screen.

 

Victims are encouraged to send an email to three addresses (file987@sigaint.org, file9876@openmail.cc, or file987@tutanota.com) in order to negotiate payment and get their files back.

 

The ransom note does not list a specific sum of money, so there are chances that the ransomware's author may be convinced to lower their price during negotiations.

 

Because of the high-end encryption method chosen by CryptoJoker's author, there's no way to decrypt files in the foreseeable future.

 

Since the ransomware targets 30 file extensions and deletes shadow volume copies, users are left with only two options: recover files from an older archive, or contact the CryptoJoker ransomware author and pay the ransom.

 

We have contacted Bleeping Computer's Lawrence Abrams requesting information about CryptoJoker's VirusTotal detection rate.

 

http://img.photobucket.com/albums/v708/starbuck50/cryptojoker-ransomware-will-not-put-a-smile-on-your-face-498387-2_zpsjtjeqodw.jpg

 

This ransom note will stay on top of your open applications unless you terminate the %Temp%\WinDefrag.exe process.

 

 

Source:

http://news.softpedia.com/news/cryptojoker-ransomware-will-not-put-a-smile-on-your-face-498387.shtml

Member of:

UNITE
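The two indicators the article names (the .crjoker extension and a WinDefrag.exe process running from %Temp%) can be checked against endpoint telemetry. The triage sketch below is an added example, not part of the original post or the Softpedia article; the event field names and sample events are constructed, and it assumes %Temp% resolves to a directory named "Temp".

```python
from collections import defaultdict
from pathlib import PureWindowsPath

ENCRYPTED_SUFFIX = ".crjoker"    # extension named in the post
NOTE_PROCESS = "windefrag.exe"   # ransom-note process named in the post

def in_temp_dir(path: PureWindowsPath) -> bool:
    # Assumption: %Temp% resolves to a directory literally named "Temp"
    # (e.g. ...\AppData\Local\Temp), which is the Windows default.
    return any(part.lower() == "temp" for part in path.parent.parts)

def triage(events):
    """Group indicator hits per host: note process and encrypted files."""
    findings = defaultdict(lambda: {"note_process": [], "encrypted_files": []})
    for ev in events:
        path = PureWindowsPath(ev["path"])
        if ev["type"] == "process_start":
            # Match on name AND location; the name alone proves nothing.
            if path.name.lower() == NOTE_PROCESS and in_temp_dir(path):
                findings[ev["host"]]["note_process"].append(str(path))
        elif ev["type"] == "file_create":
            # Windows paths are case-insensitive, so compare lowercased.
            if path.suffix.lower() == ENCRYPTED_SUFFIX:
                findings[ev["host"]]["encrypted_files"].append(str(path))
    return dict(findings)

# Constructed sample events (not real telemetry); field names are hypothetical.
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "process_start",
     "path": r"C:\Users\alice\AppData\Local\Temp\WinDefrag.exe"},
    {"host": "ws-01", "type": "file_create",
     "path": r"C:\Users\alice\Documents\budget.xlsx.crjoker"},
    {"host": "ws-01", "type": "file_create",
     "path": r"C:\Users\alice\Pictures\trip.JPG.CRJOKER"},
    {"host": "ws-02", "type": "process_start",
     "path": r"C:\Tools\WinDefrag.exe"},   # same name, not under Temp
    {"host": "ws-02", "type": "file_create",
     "path": r"C:\Users\bob\Documents\notes.txt"},
]

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_EVENTS).items():
        print(host, hits)
```

A host that shows both the note process and a growing list of .crjoker files is a candidate for immediate isolation, since the article states that shadow copies are deleted and older backups are the only recovery path.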
