The ransomware encrypts data on the computer once it has been run and appends the .Jnec extension to the file's original one.
The decryption price demanded is 0.05 bitcoins (about $200). The interesting part is that the malware author chose an unusual method to deliver the decryption key for the files.

Researchers at the Qihoo 360 Threat Intelligence Center have detected an archive in the wild named "vk 4221345.rar" that delivers JNEC.a when its contents are extracted with a vulnerable WinRAR version, which means every version released over the past 19 years.

The unique ID number for each affected computer represents a Gmail address for key delivery. To make sure victims understand how to get their data back, the malware author also gives clear instructions for creating a specific Gmail address. These can be found in JNEC.README.TXT, which the ransomware drops on an infected computer. Although the ransom note contains the address, it is not yet registered. That task falls to the victims if, after paying the ransom, they want to recover their files.
JNEC.a is written in .NET. When the contents of the rigged archive are extracted, a corrupt image of a girl inside triggers an error during decompression and displays as an incomplete picture.
The author named it "GoogleUpdate.exe" to hide its presence, so it is easily mistaken for the Google update process. The WinRAR exploit lets the author drop the malware in the Windows Startup folder, so it will deploy on the next login. It is not difficult to exploit the WinRAR vulnerability. The error and the fragment of the picture make everything look like a technical fault, so the user is not going to give it another thought. The ransomware is added to the system, however.
The balance is 0.05738157 BTC at the moment of writing, which converts to $229. The ransomware encrypts all of the files, which might be why we observed it moving slowly during our testing.

Hash:
RAR archive: 551541d5a9e2418b382e331382ce1e34ddbd92f11772a5d39a4aeb36f89b315e
Ransomware: d3f74955d9a69678b0fabb4cc0e298fb0909a96ea68865871364578d99cd8025
Files: %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\GoogleUpdate.exe
— 360 Threat Intelligence Center (@360TIC) 18 March 2019

After Check Point published its analysis of the flaw, the proof-of-concept code was published online. The Bitcoin wallet in the ransom note shows 12 transactions, but none of them appears to be from the victims, because the most recent incoming payment was in October 2018. Shortly after, a script appeared on GitHub that automated the creation of a malicious archive using arbitrary payloads. Last week McAfee reported that more than 100 unique exploits were identified in the week following the vulnerability disclosure and that the number continues to grow. 34 antivirus engines detect JNEC.a as a threat at the moment of writing.