Experts at Emsisoft malware research team released a decrypter for a recently discovered ransomware tracked as JSWorm 2.0.
JSWorm 2.0 is written in C++ and implements Blowfish encryption. The first version of the malware was written in C# and used the “.JSWORM” extension. Researchers believe both versions were developed by the same author.
Researchers found notable callouts in two different malware samples naming ID Ransomware and several prominent malware researchers:
“:HI SIRI, DEMONSLAY AND AMIIIIGO!!! HOW ARE YOU?”
and
“:ID-RANSOMWARE, IT’S JUST THE BEGINING [sic] OF SOMETHING NEW…”
Experts pointed out that there have been multiple confirmed submissions to the online service ID Ransomware that allows victims to upload their encrypted files to identify the ransomware that infected their machines. Since January 2019, experts observed encrypted files uploaded from South Africa, Italy, France, Iran, Vietnam, Argentina, United States, and other countries.
“Its files have the “.[ID-<numbers>][<email>].JSWORM” extension and the ransom note file named “JSWORM-DECRYPT.txt.”” reads the post published by Emsisoft.
Once infected a computer, the JSWorm 2.0 ransomware will perform the following actions:
Victims of the JSWorm ransomware have to follow the instructions below to decrypt their files for free:
Done!
Thank you
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – JSWorm 2.0. ransomware)
[adrotate banner=”5″]
[adrotate banner=”13″]
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and…
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement…
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals…
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
This website uses cookies.