The JeepersCrypt Ransomware is a newly discovered file-encrypting threat from an unknown author. This article summarises what is known about it so far and walks through its removal; continue reading to learn more.
JeepersCrypt Ransomware Description
Malware researchers have detected a new ransomware threat from an unknown author. It is called JeepersCrypt and an initial security analysis is still in progress, so only a limited amount of information about the malware is available. The sample appears to contain only a basic engine that launches the encryption routine as soon as the infection starts.
Like most similar threats, the built-in encryption engine processes the most commonly used user data. Families of this kind typically carry a predefined list of target file extensions, and every matching file is encrypted with a strong cipher. User files such as documents, videos, photos, archives, databases and other sensitive information are affected.
When this process is complete, a ransom note is displayed to the victim in an application window titled “JeepersCrypt Ransomware”. Depending on the sample, the malware may also act as a screenlocker, a feature that blocks ordinary interaction with the desktop and may hinder manual removal attempts. The window shows the following message:
Todos os seus arquivos importantes foram encriptados
Voce tem 24 horas para comprar uma chave privada para desencriptar seus arquivos
o preco da chave e 0.0200 BTC (bitcoin que vale a 77 reais) para comprar a chave
para comprar a chave entre em contato via email: [email protected]
e envie uma mensagem com o seguinte titulo “Quero comprar uma chave para
desencriptar meus arquivos” que irei passar as informacoes de como comprar a chave
Insira a chave para desenscriptar seus arquivos
The text is written in Portuguese; translated into English, it reads as follows:
All your important files have been encrypted
You have 24 hours to buy a private key to decrypt your files
The price of the key is 0.0200 BTC (bitcoin, worth 77 reais) to buy the key
To buy the key, contact us via email: [email protected]
and send a message with the following title: “I want to buy a key to
decrypt my files”, and I will pass on the information on how to buy the key
Enter the key to decrypt your files
The note is a standard message demanding a fixed sum of 0.0200 bitcoin, roughly 25 US dollars at the time (the note itself quotes 77 Brazilian reais). The contact address is hosted with an anonymous email service, which acts as a relay and helps the operators hide their traces.
The wording and layout of the note suggest that a standard template was used, which usually means the malware was built from a kit or an existing code base. Updated versions of JeepersCrypt may therefore appear in the near future.
Such versions could add features and modules of the kind commonly seen in other ransomware families:
- Trojan Component – a backdoor that lets the criminals remotely control the infected system.
- Information Harvesting – a stealer module that collects files, credentials and system details and uploads them to the operators.
- Additional Payload Delivery – a downloader used to deploy further malware on the infected computer.
- System Modification – changes to system settings, services or boot configuration that leave installed software, and in some cases hardware peripherals, working incorrectly.
- Persistence – autostart entries, scheduled tasks or watchdog processes that re-launch the malware after it is killed or rebooted, making manual removal considerably harder.
JeepersCrypt Ransomware Distribution
The JeepersCrypt ransomware is currently being distributed in a limited attack campaign. The fact that the ransom note is written in Portuguese indicates that the intended victims are probably speakers of that language.
At the moment the preferred method of distribution is unknown, so researchers cannot yet describe the operators' specific infection strategy. The channels below are the ones most commonly used by comparable ransomware.
Email spam is one of the most widely used methods for distributing malware. The operators use message templates and social engineering (phishing) to lure targets into infecting themselves. The JeepersCrypt payload may be attached directly to the message or linked from its body. This strategy also includes the well-known infected-document trick: the attackers craft files that look like documents of interest to the recipient (invoices, letters, contracts and so on). When such a file is opened, a prompt asks the user to enable the built-in scripts; if the user does so, the macros download and execute the payload.
The virus can also be distributed through infected installers, which are commonly found on attacker-controlled or compromised download sites as well as on P2P networks such as BitTorrent. The criminals bundle the payload with popular freeware and trial versions of applications, games, updates and patches.
Browser hijackers are another source of ransomware infections. These are malicious browser extensions made for the popular web browsers: Mozilla Firefox, Google Chrome, Internet Explorer, Safari and Microsoft Edge. They change the default home page, search engine and new-tab page to point to an attacker-controlled site that distributes malware. In addition, hijackers can extract sensitive information such as stored cookies, browsing history and account data, and can track users in real time. This is also one of the ways attackers harvest email addresses for spam campaigns.
Direct intrusion attempts rely on automated exploitation frameworks and exploit kits, which probe the victim's computer for vulnerable installed software and use it to deliver the payload.
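The macro-document trick described above can be checked for before anyone opens an attachment. The following PowerShell script is an added example written for this article, not code from the page's original author or from the malware analysis: it inspects a saved attachment, flags modern Office files (OOXML containers) that carry a VBA project, and flags legacy OLE binary documents for manual inspection. The quarantine folder path `C:\Quarantine` is an assumption for the usage line.

```powershell
# Added example (not from the original page): triage an Office attachment for embedded macros.
# OOXML files (.docx/.docm/.xlsm ...) are ZIP containers; a VBA project is stored as a part
# named vbaProject.bin. Legacy binary formats (.doc/.xls/.ppt) are OLE2 compound files, which
# ZipFile cannot open; they are reported for manual analysis (olevba, a sandbox) instead.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Test-OfficeMacro {
    param([Parameter(Mandatory)][string]$Path)

    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -lt 8) {
        return [pscustomobject]@{ Path = $Path; Verdict = 'too small to be a document'; Parts = '' }
    }

    # OLE2 compound-file signature D0 CF 11 E0 A1 B1 1A E1
    $oleMagic = [byte[]](0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1)
    $isOle = $true
    for ($i = 0; $i -lt 8; $i++) {
        if ($bytes[$i] -ne $oleMagic[$i]) { $isOle = $false; break }
    }
    if ($isOle) {
        return [pscustomobject]@{ Path = $Path; Verdict = 'legacy OLE document - inspect manually'; Parts = '' }
    }

    # ZIP local-file header starts with "PK"; anything else is not an OOXML container
    if (-not ($bytes[0] -eq 0x50 -and $bytes[1] -eq 0x4B)) {
        return [pscustomobject]@{ Path = $Path; Verdict = 'not an Office container'; Parts = '' }
    }

    $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
    try {
        # Word stores the project as word/vbaProject.bin, Excel as xl/vbaProject.bin, etc.
        $macroParts = @($zip.Entries | Where-Object { $_.FullName -match 'vbaProject\.bin$' })
        $verdict = if ($macroParts.Count -gt 0) { 'CONTAINS VBA MACROS' } else { 'no VBA project found' }
        [pscustomobject]@{
            Path    = $Path
            Verdict = $verdict
            Parts   = (($macroParts | ForEach-Object { $_.FullName }) -join ';')
        }
    }
    finally {
        $zip.Dispose()
    }
}

# Usage (assumed path): scan every attachment saved to a quarantine folder
Get-ChildItem -Path 'C:\Quarantine' -File |
    ForEach-Object { Test-OfficeMacro -Path $_.FullName } |
    Format-Table -AutoSize
```

A `.docx` that nevertheless contains `vbaProject.bin` is worth extra suspicion: Word will not run macros from that extension, so the file was either renamed or is meant to be re-saved, both of which are common evasion tricks. The check only establishes that a macro project is present, not what it does; treat any hit as hostile until the VBA has been read.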
Summary of the JeepersCrypt Ransomware
| Item | Details |
|---|---|
| Ransom demanded | 0.0200 BTC |
| Automatic removal | You can skip all steps and remove JeepersCrypt Ransomware with the help of an anti-malware tool. |
| Manual removal | JeepersCrypt Ransomware can be removed manually, though this is very hard for most home users. See the detailed tutorial below. |
| Distribution | Spam email campaigns, malicious ads, etc. |
JeepersCrypt Ransomware Removal
Before you begin: disconnect the machine from the network and, if you may need the data later, copy the encrypted files and the ransom note to external media. Decryptors are sometimes released for families like this one, and they need the encrypted samples intact.
STEP I: Start the PC in Safe Mode with Networking
Safe Mode loads only core Windows drivers and services, so most third-party autostart entries, including the ransomware's, are not launched. That makes the malicious files easier to locate and delete, and it bypasses a screenlocker that blocks the normal desktop.
- 1) Hit WIN Key + R
- 2) A Run window will appear. In it, write “msconfig” and then press Enter
- 3) A Configuration box shall appear. In it, choose the tab named “Boot”
- 4) Mark the “Safe boot” option and then tick “Network” under it
- 5) Apply -> OK
Note that this setting is persistent: after the cleanup, return to msconfig and untick “Safe boot”, otherwise the machine will keep booting into Safe Mode.
Or check our video guide – “How to start PC in Safe Mode with Networking”
STEP II: Show Hidden Files
- 1) Open My Computer/This PC
- 2) Windows 7
  – Click on the “Organize” button
  – Select “Folder and search options”
  – Select the “View” tab
  – Go under “Hidden files and folders” and mark the “Show hidden files and folders” option
- 3) Windows 8/10
  – Open the “View” tab
  – Mark the “Hidden items” option
- 4) Click “Apply” and then the “OK” button
STEP III: Enter Windows Task Manager and Stop Malicious Processes
- 1) Hit the following key combination: CTRL+SHIFT+ESC
- 2) Go to the “Processes” (Windows 7) or “Details” (Windows 8/10) tab
- 3) When you find a suspicious process, right-click on it and select “Open File Location”
- 4) Go back to Task Manager and end the malicious process: right-click on it again and choose “End Process” (“End task” on Windows 8/10)
- 5) Next, go to the folder where the malicious file is located and delete it
Processes running from the user profile (for example under AppData\Roaming, AppData\Local\Temp or the Desktop), with no publisher or digital signature, are the usual suspects; note the full path, because the same path will appear in the autostart entries checked in STEP V.
STEP IV: Remove Completely JeepersCrypt Ransomware Ransomware Using SpyHunter Anti-Malware Tool
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
STEP V: Repair Windows Registry
- 1) Again type simultaneously the Windows Button + R key combination
- 2) In the box, write “regedit” (without the inverted commas) and hit Enter
- 3) Press CTRL+F and write the malicious file name in the search field to locate references to the malicious executable
- 4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys
Before deleting anything, export the affected key (right-click -> Export) so the change can be reversed. The locations most worth checking are the Run and RunOnce keys under HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion, and the Shell and Userinit values under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, which screenlockers alter so that the lock screen replaces explorer.exe at logon. The expected values there are “explorer.exe” and “C:\Windows\system32\userinit.exe,” respectively.
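Steps III to V can be done in one pass from an elevated PowerShell prompt. The script below is an added example written for this article (it is not part of the original guide and not derived from the malware): it lists running processes whose executable lives outside the standard Windows and Program Files locations together with their signature status, dumps the autostart registry values named above, and shows how to export a key before anything is removed. It reports only; nothing is deleted. The backup path on the Desktop is an assumption.

```powershell
# Added example (not from the original page): read-only triage of the places STEPS III-V
# ask you to check by hand. Run from an elevated prompt, ideally in Safe Mode with Networking.

# 1. Running processes whose image is outside the usual system directories, with the
#    Authenticode status. An unsigned binary under %APPDATA%, %TEMP% or the user profile
#    is the typical shape of a commodity ransomware dropper or screenlocker.
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

function Get-SuspiciousProcess {
    Get-Process | Where-Object { $_.Path } | ForEach-Object {
        $imagePath = $_.Path
        $inTrusted = $false
        foreach ($root in $trustedRoots) {
            if ($imagePath.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
        }
        if (-not $inTrusted) {
            $sig = Get-AuthenticodeSignature -FilePath $imagePath
            [pscustomobject]@{
                PID       = $_.Id
                Name      = $_.ProcessName
                Path      = $imagePath
                Signature = $sig.Status        # Valid / NotSigned / HashMismatch / ...
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    }
}

# 2. Autostart locations. Run/RunOnce are the simple persistence keys; Winlogon\Shell and
#    Userinit are what screenlockers hijack (expected: "explorer.exe" and
#    "C:\Windows\system32\userinit.exe,").
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

function Get-AutorunEntry {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those
        foreach ($name in ($props.PSObject.Properties.Name | Where-Object { $_ -notmatch '^PS' })) {
            if ($key -like '*Winlogon' -and $name -notin @('Shell', 'Userinit')) { continue }
            [pscustomobject]@{ Key = $key; Value = $name; Data = $props.$name }
        }
    }
}

Get-SuspiciousProcess | Format-Table -AutoSize
Get-AutorunEntry      | Format-Table -AutoSize

# 3. Before removing an entry found above, export its key so the change is reversible.
#    Backup location is an assumption; adjust as needed.
reg export 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' "$env:USERPROFILE\Desktop\Run-backup.reg" /y
```

Not everything the first list shows is malicious: updaters for common browsers and chat clients legitimately run from AppData, but they are signed by a recognisable publisher. An entry with `NotSigned`, a random or misspelt name, or a path that also appears in the Run or Winlogon output is the one to remove, matching the file on disk from STEP III with the registry value from STEP V.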
STEP VI: Recover JeepersCrypt Files
How To Restore JeepersCrypt Files
- 1) Use existing backups
- 2) Use professional data recovery software
  – Stellar Phoenix Data Recovery – a specialist tool that can restore partitions, data, documents, photos and 300 more file types lost during various types of incidents and corruption.
- 3) Use a System Restore Point
  – Hit WIN Key
  – Select “Open System Restore” and follow the steps
  – Note that System Restore rolls back system files, installed programs and the registry; it does not restore personal documents, so it can undo the infection's system changes but will not bring back encrypted files.
- 4) Restore your personal files using File History
  – Hit WIN Key
  – Type “restore your files” in the search box
  – Select “Restore your files with File History”
  – Choose a folder or type the name of the file in the search bar
  – Hit the “Restore” button
- 5) Check for Previous Versions
  – Right-click an encrypted folder, choose “Properties” and open the “Previous Versions” tab. These come from Volume Shadow Copies; many ransomware families delete them, but when they survive they contain the unencrypted originals.
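Whether any shadow copies survived, and therefore whether the Previous Versions route is available at all, can be checked directly. The following PowerShell is an added example for this article, not part of the original guide: it lists the shadow copies on the machine and exposes the newest one as a read-only folder so the pre-infection file versions can be browsed and copied out. The mount-point name `C:\ShadowView` is an assumption.

```powershell
# Added example (not from the original page): find surviving Volume Shadow Copies and expose
# the newest one as a folder. Run from an elevated prompt.

function Get-ShadowCopyList {
    Get-CimInstance -ClassName Win32_ShadowCopy |
        Sort-Object -Property InstallDate -Descending |
        Select-Object -Property ID, InstallDate, VolumeName, DeviceObject
}

$shadows = @(Get-ShadowCopyList)
if ($shadows.Count -eq 0) {
    Write-Warning 'No shadow copies present (ransomware commonly deletes them with vssadmin); fall back to backups or File History.'
}
else {
    $shadows | Format-Table -AutoSize

    # Mount the newest copy. DeviceObject looks like \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN
    # and the trailing backslash is required for mklink to accept it. Mount point is an assumption.
    $mountPoint = 'C:\ShadowView'
    $target     = $shadows[0].DeviceObject + '\'
    cmd /c mklink /d $mountPoint $target

    # Browse, for example, C:\ShadowView\Users\<name>\Documents and copy the originals to
    # a clean location. Remove the link afterwards (the shadow copy itself is untouched):
    #   cmd /c rmdir C:\ShadowView
}
```

Copy files out of the mounted view rather than working in it: the snapshot is read-only and may be purged by Windows when the shadow-storage quota is reached, so any recovered data should be moved to the restored system or to external media first.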