CryptoJoker is another addition to the list of ransomware families.
Like other ransomware, CryptoJoker encrypts a variety of files, and all of them are encrypted using AES-256. After encryption, users get a message telling them to pay a ransom in bitcoins.
The files it encrypts are generally .txt, .doc, .docx, .ppt, etc.
How does CryptoJoker work?
- CryptoJoker is distributed as a .PDF file sent as an email attachment.
- Once the CryptoJoker’s .PDF file is executed, a number of malicious files are downloaded/generated within the %AppData% or %Temp% folders.
- Each file performs a task, such as:
  - Sending information to the Command & Control server
  - Polling for active Regedit or Taskmgr processes
  - Terminating them
- It then adds a .crjoker extension to each encrypted file.
- A message is then displayed with information about the encryption.
- The message also directs users to pay the ransom within the given time frame; otherwise the private key (which is used to decrypt the files) will be deleted and it will become impossible to recover the files affected by CryptoJoker.
- The message contains step-by-step payment instructions delivered in English and Russian.
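For responders scoping an infection, the .crjoker extension described above is a usable marker. The following triage sketch is an added example, not code from the original article: it walks a directory tree, lists files carrying the marker, and summarizes which original file types were hit and the span of their modification times. It assumes the extension is appended after the original file name; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".crjoker"  # extension the article says is added to encrypted files

def find_encrypted(root):
    """Walk root and return (path, original_name, mtime) for each marked file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower().endswith(MARKER):
                path = os.path.join(dirpath, name)
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # file vanished or is unreadable; skip it
                # Assumption: the marker is appended to the original name.
                hits.append((path, name[:-len(MARKER)], mtime))
    return hits

def summarize(hits):
    """Count hits, tally original extensions, and report first/last mtime (UTC)."""
    if not hits:
        return {"count": 0, "by_ext": {}, "first": None, "last": None}
    by_ext = Counter(os.path.splitext(orig)[1].lower() or "(none)"
                     for _path, orig, _mtime in hits)
    times = [mtime for _path, _orig, mtime in hits]
    def iso(ts):
        return datetime.fromtimestamp(ts, timezone.utc).isoformat()
    # Modification times only approximate when each file was rewritten.
    return {"count": len(hits), "by_ext": dict(by_ext),
            "first": iso(min(times)), "last": iso(max(times))}

def build_sample(root):
    """Constructed sample tree: three marked files and one untouched file."""
    os.makedirs(os.path.join(root, "Documents", "reports"))
    for rel in ("Documents/notes.txt.crjoker",
                "Documents/reports/q1.docx.crjoker",
                "Documents/reports/deck.ppt.CRJOKER",
                "Documents/readme.txt"):
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(b"constructed sample data")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(summarize(find_encrypted(tmp)))
```

Run against a mounted copy of the affected disk or a restored snapshot rather than the live system, so the scan does not alter timestamps that may be needed as evidence.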
According to a Barkly survey, fewer than half of ransomware victims fully recover their data, even with backup. So prevention is better than cure.
A few preventive tips for CryptoJoker ransomware:
- Have a backup of all your files
- Pay attention to your PC’s behavior.
- Avoid shady sites and have a good email security solution
- Be careful when opening new e-mails from unknown senders.
Logix Infosecurity is a pioneer in email security, anti-threat protection and anti-spoofing, and has offered advice on preventing (and recovering from) ransomware attacks for the last 17 years.
Logix Infosecurity has half a million email security customers. You can download the email security, advanced threat protection, anti-spoofing and anti-spam protection guidebook to learn more about how Logix Infosecurity can help you stay protected.