Jupstb Ransomware

What is Jupstb Ransomware?

Jupstb Ransomware is quite a threat. It enters the operating system silently, and then it demands the victim to contact them via provided email addresses. The goal here is to make you communicate with the attacker so that they could push you to pay money to get your files decrypted. This, most likely, is exactly what you want, but you need to think carefully if that is a good idea. If you want our opinion, Anti-Spyware-101.com researchers strongly recommend NOT paying the ransom. In fact, it is best if you do NOT interact with the attackers in the first place. Unfortunately, this malware can hit the most personal and valuable files, and you might be willing to do whatever it takes to recover them. If these files matter that much, it is possible that you have them backed up outside the infected machine. In that case, quickly remove Jupstb Ransomware from your operating system and secure it to ensure that you do not need to face and delete other threats in the future. If you do not have backups, your files are likely lost already.

How does Jupstb Ransomware work?

It was discovered that Jupstb Ransomware is just another version of Snatch Ransomware. So far, we know of at least three different variants of this threat, and they are all known by names that match the extensions added to the encrypted files. These extensions are “.snatch,” “.FileSlack,” and, of course, “.jupstb.” Since Snatch Ransomware was the one found originally, that is how most anti-malware software detects and removes all variants too. Therefore, if you decide to use an automated malware removal tool, do not be surprised if it identifies Jupstb Ransomware by a different name. If you are not exactly sure which threat you are dealing with, a malware scanner might be a very helpful tool. Also, we advise running it whenever a malicious file or program is found because you want to make sure that other threats do not exist. In some cases, ransomware is downloaded and executed by other threats that already exist, and if that is the case, you need to delete these other threats too! All in all, it is most likely that this particular ransomware slithered in alone via spam email or using unsecure RDP configurations.

After execution, files are encrypted immediately, and then Jupstb Ransomware creates a text file called “Readme_Restore_Files.txt.” This file, according to our research team, is created in every directory and folder where the encrypted files are. It is safe to open the file because it simply shows a message. It informs that files are “ciphered,” and that attempts to decrypting them manually or using third-party software could lead to permanent damage. The message lists johnsonwhate@protonmail.com and johnsonwhate@tutanota.com, and since no information regarding the decryption of files is provided, you might think it is a good idea to contact the creator of Jupstb Ransomware. Well, if you do not want them sending you spam emails with malware files or links to malicious sites and downloaders, you want to think if that is such a good move. The victims of Snatch Ransomware were instructed to email imBoristheBlade@protonmail.com, while those dealing with the malicious FileSlack Ransomware were introduced to gomer@horsefucker.org and gomersimpson@keemail.me. Overall, regardless of the email address, we do not recommend contacting the attackers.

How to remove Jupstb Ransomware

Hopefully, your personal files are not lost, and you can delete Jupstb Ransomware without having to worry about their fate. However, keep in mind that even if you do not have backups for your files, you still need to remove the malicious infection. Should you contact the attackers and ask them to help you decrypt your files? We do not recommend that because the attackers could record your email for attacks in the future, and they would, most likely, ask you for money in return for a decryptor. Paying money to the attackers is a waste, and your files are unlikely to be decrypted if you do as told. This is why we focus completely on the removal of Jupstb Ransomware. You might be able to eliminate this threat manually, but we suggest relying on a trustworthy anti-malware program because it can serve you as a malware remover and, at the same time, as a reliable Windows security protector.

Removal Instructions

1. Delete all recently downloaded suspicious executables to eliminate the infection’s launcher.
2. Delete the ransom note file called Readme_Restore_Files.txt from all affected locations and Startup:
   • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
   • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
   • %ALLUSERSPROFILE%\Start Menu\Programs\Startup
   • %APPDATA%\Microsoft\Windows\Start Menu\Startup
   • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
3. Empty Recycle Bin.
4. Install a malware scanner and scan the system for leftovers.

Note: to access the listed directories, tap Win+E to launch Explorer and type the directory path into the quick access field. Download Removal Tool100% FREE spyware scan and
tested removal of Jupstb Ransomware*