Jack.Pot Ransomware

Posted by Max Lehmann on October 28, 2016

What is Jack.Pot Ransomware?

Jack.Pot Ransomware is a malicious infection that is still in its developmental stage. It means that the program does not spread actively, and only a handful of users have been infected with it so far. Nevertheless, you should know more about the infection, in the case, it eventually grows into something bigger.

Since the program does not seem to be completed yet, it is hard to tell whether it will be possible to decrypt the affected files. However, it is always possible to restore the affected files by transferring healthy copies of the files from your backup drive. Therefore, there is always a way out of this situation, and the most important thing is to not panic. test

Where does Jack.Pot Ransomware come from?

As mentioned, the program does not have a wide distribution network as of yet. It is possible that the hackers behind the application infect several computers directly, trying to see how the program behaves, and what can be done to improve its functionality.

Once the program is fully equipped with all the appropriate functions, it is very likely that it will spread through spam email campaigns. That is the most common ransomware distribution method, and it would not be surprising if the program spread like that. Other potential ways for such programs to spread are website exploits and even remote desktop connection software. The bottom’s line is that users have to extremely careful nowadays if they want to avoid getting infected with such threats.

What does Jack.Pot Ransomware do?

Since the program is still underdeveloped, it might be hard to say what the final version will be capable of. Nevertheless, we can tell you more about the application can do right now.

As we take a closer look at the program’s code, we can tell that the main malicious file was compiled on March 14th, 2016. So you can see that it is a rather new infection.

Once the user gets infected with it, Jack.Pot Ransomware infects a list of files silently. We were not able to determine the encryption algorithm used by the program to lock up the target files. However, there is a silver lining to this situation because the infection targets only the files in the %USERPROFILE% directory. Also, each file that was affected by the infection will get additional “.code” extension. Of course, your operating system will not be able to read those files.

Unlike most of the ransomware applications, Jack.Pot Ransomware does not terminate or delete itself once the encryption is complete. It does not even leave a ransom note. Instead, it opens a new window with a message that says “all your important files are encrypted,” and to decrypt those files, you are supposed to pay 3.0 BTC (which is approximately $838USD), by transferring the digital money to the given Bitcoin address.

Sending the ransom payment to the given BTC address is pointless because it does not work. Our security experts say that this fact simply proves this program is still a work-in-progress. So you would not get your files back even if you were to pay the money. What’s more, since the program does not close itself, you cannot transfer healthy files back to your computer either. Any new files placed in the %USERPROFILE% directory will be encrypted automatically, so before you do any of that, you should remove Jack.Pot Ransomware from your computer.

How do I remove Jack.Pot Ransomware?

To terminate this infection, you need to close the black screen that tells you about the infection. You can do that by press the Alt+Tab keys and then opening the Task Manager to close the malicious program. After that, you will need to find the malicious file that launched the infection. It will probably be the file you have launched the last in your Downloads folder, or any other location where you save the downloaded files. You need to delete that file and after that, be sure to invest in a security application that would help you run a full system scan.

You need to check whether Jack.Pot Ransomware was the only malicious program on-board. The chances are that you will find more potential threats installed on your computer, so you need to do everything in your power to remove them as well.