It’s Time We Talk About JSWorm Ransomware

Evolutionary history

• First discovered in 2019, JSWorm ransomware gained infamy under several other names such as Nemty, Offwhite, and Nefilim, among others.
• Each rebranded strain had different codes, renamed file extensions, encryption keys, and different cryptographic schemes.
• In 2020, the developers changed the programming language to Golang from C++. it required them to completely rewrite the code.

Some statistics your way

• More than 39% of the victims targeted by the ransomware were located in Asia Pacific (Vietnam). Other victims were located in the U.S. Brazil, Argentina, Turkey, Iran, South Africa, Germany, Italy, and France.
• Around 41% of its victims operated in the engineering and manufacturing sector. It was followed by energy & utilities, professional & consumer services, and finance sectors at 10%.
• Transportation and healthcare sectors accounted for 7% of the attacks.

Extortionists

• The JSWorm ransomware family, in 2020, followed in the footsteps of other notorious ransomware families and started big-game hunting.
• The operators have their own data leak site where they publish stolen sensitive data.
• The website is still functional and, as of now, has details of more than 100 victim organizations. 
• Some victims have been unfortunate enough to have their individual pages on the website from which their data can be downloaded.

The bottom line