Juicylemon Ransomware

Posted by Lisa Blanc on June 7, 2016

What is Juicylemon Ransomware?

The name JuicyLemon Ransomware derives from an email address associated with this infection. Once it enters the system, it encrypts photos, documents, and other personal files that are of great value to users. If the encryption is executed successfully, a TXT file is created on the Desktop. This file has a random name (e.g., I0ZD0N3NPVY3LAPJT.txt), and it is created to introduce you to support@juicylemon.biz. The file also includes an additional email address (provectus@protonmail.com) and an address to enable Bitmessage communication. You are expected to connect to the creator of the ransomware via these email addresses or Bitmessage to receive further instructions. Anti-Spyware-101.com researchers warn that contacting cyber criminals is risky, and you should do so only if you want to pay the ransom, which, of course, it not something we recommend. What we recommend is deleting JuicyLemon Ransomware, and you can learn more about this via our report.testtesttest

How does JuicyLemon Ransomware work?

If your operating system is vulnerable, it will be easier for JuicyLemon Ransomware to slither in. Our research has revealed that this threat is spread using the Angler Exploit kit which exploits vulnerabilities to infiltrate malware. Cryptxxx Ransomware is another infamous ransomware infection that is spread using Angler, and it is possible that it will be used for the distribution of many other ransomware variants. This is why it is crucial that you keep your operating system and all apps up-to-date. It is most important to keep anti-malware software updated because cyber criminals exploit every chance they get, and you do not want new infections slithering in just because you failed to update your anti-malware software to identify new threats. All in all, despite the circumstances that have led to the infiltration of Cryptxxx Ransomware, right now, you need to deal with the current situation, which is the encryption of personal files. Have you found that the encrypted files have received a very suspicious extension? This long extension contains your ID number as well as the emails and BitMessage address you are asked to contact. The demands of cyber criminals are introduced to you via the Desktop file we have mentioned already, as well as the RESTORE FILES.txt file that is copied to every location containing encrypted files. Here are a few excerpts.

Hello! We inform you that all of your files are encrypted!
But do not despair. Decryption is not possible without our help, our help is not free and costs a certain amount of money.
To begin the process of recovery your files you need to write us an email, attaching an example of an encrypted file.

- Very important:
Do not try to decrypt files by third-party decoders otherwise you will spoil files!
Be adequate in dealing with us and we will solve your problem.

A disclaimer at the bottom of the message warns you against using other methods of decryption, but you should not pay attention to this. In fact, you should look into other ways of decrypting your files before even thinking about paying the ransom, which you will be asked to pay after you send an example of an encrypted file as told. Paying the ransom is not recommended because there is no way of securing the decryption of your files. Ransomware victims often report that their files remain locked even after they pay the payments requested. The reality is that you are making a deal with cyber criminals, and they simply cannot be trusted. Obviously, if you can't restore your files from a backup storage and you simply have no other option but to follow the demands, think carefully before making any steps because you do not want to regret your decision later.

How to remove JuicyLemon Ransomware

Do you know how to remove JuicyLemon Ransomware from your operating system? One good thing about this threat is that it deletes itself as soon as it is executed. Unfortunately, this threat copies the annoying RESTORE FILES.txt file to every location where encrypted files exist, and it might be a pain to detect and delete every single copy. If you choose not to pay the ransom, and you do not find a different way to decrypt files, you will also need to erase the encrypted copies of your files. If you are hopeful that a decryption tool will be invented in the future, you can store these encrypted files as well. All in all, we are hopeful that you have stored your personal files in a secure storage cloud or an external drive prior to the invasion of the ransomware, and you do not need to worry about the encryption at all.

Removal Instructions

  1. Simultaneously tap Win+E to access Windows Explorer.
  2. Type %TEMP% into the bar at the top and tap Enter.
  3. Right-click and Delete the malicious file if it was not automatically deleted already (the file is most likely to have a pink folder icon and it might be named WebCam.exe).
  4. Repeat the elimination of the malicious file after reaching the %APPDATA% directory.
  5. Erase RESTORE FILES.txt files.
  6. Restart the PC and perform a full system scan to check for any leftovers.
100% FREE spyware scan and
tested removal of Juicylemon Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *