FANDOM



JabaCrypter is ransomware found in April 2018, seemed to either originate in Russia, had the intent to spread in Russia, or simply made by a Russian speaker, the 'readme' only being in Russian.

Payload

The ransomware is usually inserted into the user's computer by a drive-by download that contains the ransomware, or possibly email attachments containing a download to the ransomware.

After encrypting all of the user's files and adding a '.cryptfile' extension to the encrypted files, the ransomware will drop a text file that reads (translated into English):

Report: All your files are successfully encrypted. Without panic, Ladies, and Gentlemen! All your files and databases are successfully encrypted by our sly-ass crypto. Deciphering all your goods without having a unique “decryptor” is virtually impossible ! you simply destroy all your data. If you are not greedy, but a very generous person, then we are ready to exchange all your precious information for a pathetic paper called bucks. Believe me, the loot wins the evil, give it to us. On the acquisition of “decryptor” write to the mail: jabanenok@gmail.com In the letter – do not forget to indicate your “id” specified at the end of each encrypted file. We will decrypt for free several of your files so that you can make sure that we have the decoder, maybe he will be by you. © 2018 Everything will be fine!
Community content is available under CC-BY-SA unless otherwise noted.