- The malware uses the Blowfish algorithm to encrypt files on a victim's machine.
- The ransomware appends the '.JSWorm' extension to encrypted files and leaves a ransom note named 'JSWORM-DECRYPT.txt'.
Good news for victims of the JSWorm 2.0 ransomware: a free decrypter has been released to decrypt the files encrypted by the ransomware.
What is the JSWorm 2.0 ransomware?
JSWorm 2.0 is ransomware written in C++. The malware uses the Blowfish algorithm to encrypt files on a victim's machine. It then appends the '.JSWorm' extension to the encrypted files and leaves a ransom note named 'JSWORM-DECRYPT.txt'.
The note describes the payment process for retrieving the locked files. It also offers free decryption of 3 encrypted files, after which the victim is charged for the rest of the files.
The malware was first discovered in January 2019 and has infected victims in South Africa, Italy, France, Iran, Vietnam, Argentina, the United States, and other countries.
What is its impact?
A JSWorm 2.0 infection will have the following impacts.
- Setting the 'EnableLinkedConnections' registry key. This allows the attackers to drive the attack by giving themselves admin privileges.
- Restarting Server Message Block services such as lanmanworkstation.
- Stopping services for databases like MSSQL, MySQL, and QuickBooks.
- Disabling recovery mode and deleting shadow copies.
What is the solution?
Emsisoft has released a decryptor for files encrypted by the ransomware. Affected victims can download the decryption key to restore their locked files.
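Before running a decryptor, it helps to know which directories were hit. The following Python script is an added example, not part of the original article or of Emsisoft's tool: it inventories the two file indicators named above (the '.JSWorm' extension and the 'JSWORM-DECRYPT.txt' note) per directory. The function names and the command-line usage are assumptions made for illustration.

```python
import os
import sys
from collections import defaultdict

# Indicators taken from the article; compared case-insensitively
ENCRYPTED_EXT = ".jsworm"
RANSOM_NOTE = "jsworm-decrypt.txt"


def scan_for_jsworm(root):
    """Walk `root`; return ({dir: {"encrypted": [...], "note": bool}}, unreadable_dirs)."""
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    unreadable = []

    def on_error(exc):
        # Record directories that could not be listed so the scope is not understated
        unreadable.append(exc.filename)

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                report[dirpath]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT):
                report[dirpath]["encrypted"].append(name)
    return dict(report), unreadable


def summarize(report):
    """Collapse the per-directory report into totals for an incident ticket."""
    return {
        "directories": len(report),
        "encrypted_files": sum(len(e["encrypted"]) for e in report.values()),
        "ransom_notes": sum(1 for e in report.values() if e["note"]),
    }


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    found, skipped = scan_for_jsworm(target)
    for directory, entry in sorted(found.items()):
        flag = "note present" if entry["note"] else "no note"
        print(f"{directory}: {len(entry['encrypted'])} encrypted file(s), {flag}")
    for directory in skipped:
        print(f"could not read: {directory}")
    print(summarize(found))
```

Run it against a read-only mount or a copy of the affected volume so the inventory does not alter file timestamps on the original evidence.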