Emsisoft releases a free decrypter for JSWorm 2.0 Ransomware

[harlan4096]

Our malware research team just released a decrypter for the new ransomware we nicknamed JSWorm 2.0.

Update: The JSWorm 2.0 decrypter has been updated for the extension ‘.JURASIK’

JSWorm 2.0 is written in C++ and uses Blowfish encryption. We call it “2.0” because there was another C# ransomware that used the “.JSWORM” extension. Some strings also suggest this ransomware may be from the same author.

Notable callouts were also found in two different malware samples naming ID Ransomware and several prominent malware researchers:

“:HI SIRI, DEMONSLAY AND AMIIIIGO!!! HOW ARE YOU?”

and

“:ID-RANSOMWARE, IT’S JUST THE BEGINING [sic] OF SOMETHING NEW…”

There have been multiple confirmed submissions to ID Ransomware (a website where victims upload their encrypted files to identify the ransomware that has encrypted their data) since January 2019, including victims from South Africa, Italy, France, Iran, Vietnam, Argentina, United States, and other countries.

Its files have the “.[ID-<numbers>][<email>].JSWORM” extension and the ransom note file named “JSWORM-DECRYPT.txt.”

If you’re a victim of this ransomware, please follow the instructions below and DO NOT PAY the ransom

* Download the JSWorm 2.0 Decrypter Here

Continue Reading