What is JCry Ransomware?

Malware seems to wait for us behind every virtual corner, and JCry Ransomware proves that. The malicious code of this dangerous infection was recently found in a plugin used by hundreds of websites in Israel. Although the code had a serious bug that prevented the infection from executing successfully on the systems used to access the affected sites, this is not likely to be the end of this malware. The creators of this malicious infection could be creating a new plan to attack you as you read this. Hopefully, you still have time to secure your operating system and prevent this ransomware from slithering in. If you do not know how to take care of that, keep reading this report because we include useful tips. We also include a removal guide that shows how to delete JCry Ransomware in case this threat eventually starts invading Windows operating systems. Please note that the comments section is open, and you should not hesitate to add questions you might have about the threat.

How does JCry Ransomware work?

JCry Ransomware – or OpJerusalem Ransomware – was supposed to invade operating systems when its creators modified a popular plugin used by many websites. This did not work out for them, but if it had, the infection should have been executed silently. Afterward, it should have created files in the %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup folder. Two of these files remain present even after they are executed. These files are called “Dec.exe” and “PersonalKey.txt.” There are two more files – named “Enc.exe” and “msg.vbs” – that are supposed to delete themselves after execution. The manual removal instructions below show how to find these files, and whether you find one of them or all four of them active, you must remove them all. If the malicious components of JCry Ransomware are not removed right away, the threat should encrypt files, after which the “.JCry” extension should be attached to all of them. If the files are encrypted, they are locked, and you cannot restore them manually. Third-party software is unlikely to help either. Unfortunately, the attackers rush to offer help, which, needless to say, should not be trusted.

After all files are corrupted, JCry Ransomware should create a file named “JCRY_Note.html” on the Desktop. This file opens a text message that presents very clear instructions. The first step is to send a ransom of $500 in the form of Bitcoin to 1FKWhzAeNhsZ2JQuWjWsEeryR6TqLkKFUt, which is the attackers’ wallet address. The second step is to download the Tor Browser and follow the presented link. After this, you are supposed to enter the payment information to confirm it. It is stated that once the payment is checked, a decryption key would be uploaded. The final step instructs you to open the same link, enter a unique ID code, and download the decryption key. Unfortunately, it is most likely that you would get nowhere by paying the ransom. At the moment, the website you are linked to does not work at all, but even if it did, you are unlikely to get the decryptor even if everything else goes according to plan. Cyber criminals are blackmailing you to get your money, and they do not care about the rest.

How to delete JCry Ransomware

If JCry Ransomware invades your system, you need to delete it as soon as possible because it is a serious threat. Although some of its components are set to remove themselves automatically, there are others that must be eliminated manually. Of course, you do not need to do that on your own. Although manual removal of JCry Ransomware might be rewarding for you personally, it is much better if you employ trustworthy anti-malware software. It is built to automatically eliminate existing threats and, at the same time, rebuild the security of the operating system to prevent malware from entering. Unfortunately, from time to time, we face malware that simply cannot be stopped, and that is why you also want to back up personal files. You can do that in many different ways. For example, you can set up cloud storage, and you can even have your files backed up automatically. You can also back up files manually by transferring them onto a dedicated external drive.

Removal Guide

  1. Launch Explorer by pressing Win+E on the keyboard.
  2. Enter %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup into the bar at the top.
  3. Delete the files named Dec.exe, PersonalKey.txt, Enc.exe, and msg.vbs.
  4. Delete the ransom note file named JCRY_Note.html from the Desktop.
  5. Delete all recently downloaded suspicious files.
  6. Empty Recycle Bin to complete the removal process.
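
The checks from steps 1 to 4 above, as an added PowerShell example that is not part of the original guide: it looks for the four Startup files and the ransom note in the current user's profile, records a SHA-256 hash of each, and counts files carrying the .JCry extension. The -Remove and -ScanRoot parameter names are assumptions chosen for this example.

```powershell
# Added example: report (and optionally delete) the JCry artifacts named in this guide.
# Nothing is deleted unless -Remove is passed.
param(
    [switch]$Remove,                      # hypothetical switch name chosen for this example
    [string]$ScanRoot = $env:USERPROFILE  # hypothetical parameter: where to count *.JCry files
)

# Locations and file names are the ones given in the article text.
$startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
$desktop = [Environment]::GetFolderPath('Desktop')
$names   = 'Dec.exe', 'PersonalKey.txt', 'Enc.exe', 'msg.vbs'

$candidates  = @($names | ForEach-Object { Join-Path $startup $_ })
$candidates += Join-Path $desktop 'JCRY_Note.html'

# Collect what is actually present, with a hash for later reporting or AV submission.
$found = foreach ($path in $candidates) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path     = $item.FullName
            Modified = $item.LastWriteTime
            SHA256   = $hash.Hash   # empty if the file was locked and could not be read
        }
    }
}

# Files already renamed with the .JCry extension show how far encryption got.
$encrypted = @(Get-ChildItem -LiteralPath $ScanRoot -Recurse -File -Force `
                 -Filter '*.JCry' -ErrorAction SilentlyContinue)

if ($found) { $found | Format-List } else { 'No JCry startup files or ransom note found.' }
"Files with the .JCry extension under ${ScanRoot}: $($encrypted.Count)"

if ($Remove -and $found) {
    foreach ($f in $found) {
        Remove-Item -LiteralPath $f.Path -Force
        "Removed $($f.Path)"
    }
}
```

Run it once without -Remove to review the report, then again with -Remove; files with the .JCry extension are only counted, never deleted, since they are the encrypted copies of personal data.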
