
JSWorm Ransomware (.JSWORM, .JURASIK; JSWORM-DECRYPT.txt) Support


8 replies to this topic

#1 int80


Posted 22 May 2019 - 10:34 PM

My system is showing files with extension .JURASIK

All files changed. Ransom note in JURASIK-DECRYPT

What to do?





#2 quietman7

    Bleepin' Gumshoe

Posted 23 May 2019 - 06:17 AM

You can submit (upload) samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware (IDR) for assistance with identification and confirmation of the infection. This is a service that helps identify what ransomware may have encrypted your files, whether it is decryptable and then attempts to direct you to an appropriate support topic where you can seek further assistance. ID Ransomware can identify ransomware that adds a prefix instead of an extension and more accurately identifies ransomware by file markers if applicable. Uploading both encrypted files and ransom notes together along with any contact email addresses or hyperlinks provided by the criminals provides a more positive match with identification and helps to avoid false detections.


Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief


#3 Demonslay335

    Ransomware Hunter

Posted 23 May 2019 - 08:28 AM

It's JSWorm 2.0, I updated the decrypter for this variant yesterday. :)

 

https://emsisoft.com/decrypter/jsworm-20


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#4 Amigo-A

    Security specialist and Ransomware expert. Volunteer Helper

Posted 23 May 2019 - 02:01 PM

int80

 

Attach to your new post an original ransom note or upload to the service www.sendspace.com and give us a download link.


My site: The Digest "Crypto-Ransomware"  + Google Translate 

 


#5 quietman7


Posted 23 May 2019 - 02:06 PM

More about JSWORM Ransomware by Amigo-A (Andrew Ivanov).
 




#6 snoop


Posted 27 May 2019 - 02:55 AM

Hello, this version of decryptor JSWorm 2.0 can't decrypt my files :(

 

Attached Files



#7 Demonslay335


Posted 28 May 2019 - 01:45 PM

@snoop

 

Can you provide an encrypted file and its original? Also, if you have the malware executable, that would be the most useful thing.




#8 snoop


Posted 29 May 2019 - 02:13 AM

@Demonslay335

Thanks for answering!

Here I have some originals and encrypted files. Unfortunately, I don't have the infected executables, as the source computer which was infected has already been formatted.

https://www.sendspace.com/file/5083lu



#9 Demonslay335


Posted 29 May 2019 - 08:43 AM

I'm not sure I'll be able to do anything further without the malware itself.

 

On another note though, I'm concerned they may have broken something and are corrupting the data. All of the encrypted files you sent me are basically the exact same file, just more zeros at the end based on the filesize.

 

 

2019-05-29_0842.png





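The observation in post #9 (every encrypted sample is the same data followed by a zero run whose length tracks the file size) can be checked across a batch of samples before any decryption attempt. The following is an added example, not part of the thread or of any decrypter's code; the file names, the sample bytes and the 0.9 threshold are constructed assumptions.

```python
import hashlib
from collections import defaultdict

def zero_tail_len(data: bytes) -> int:
    """Length of the trailing run of 0x00 bytes."""
    return len(data) - len(data.rstrip(b"\x00"))

def group_by_core(samples):
    """Group samples by SHA-256 of their bytes with the zero tail removed.

    samples: {name: bytes}. Returns {digest: [(name, size, zero_tail), ...]}.
    """
    groups = defaultdict(list)
    for name, data in samples.items():
        tail = zero_tail_len(data)
        core = data[:len(data) - tail]
        groups[hashlib.sha256(core).hexdigest()].append((name, len(data), tail))
    return dict(groups)

def looks_corrupted(samples, min_share=0.9):
    """True when at least min_share of the samples share one core,
    i.e. they differ only in how much zero padding follows it.
    min_share is an assumed threshold, not a value from the thread."""
    if len(samples) < 2:
        return False
    largest = max(group_by_core(samples).values(), key=len)
    return len(largest) / len(samples) >= min_share

# Constructed sample data (not taken from the thread): one 64-byte core
# padded with zeros up to three different "original" file sizes.
CORE = bytes(range(1, 65))
DAMAGED = {
    "a.doc.JURASIK": CORE + b"\x00" * (100 - len(CORE)),
    "b.xls.JURASIK": CORE + b"\x00" * (4096 - len(CORE)),
    "c.pdf.JURASIK": CORE + b"\x00" * (70000 - len(CORE)),
}
# Constructed control: three files with unrelated contents.
CONTROL = {n: hashlib.sha256(n.encode()).digest() * 8
           for n in ("x.bin", "y.bin", "z.bin")}

if __name__ == "__main__":
    for digest, members in group_by_core(DAMAGED).items():
        print(digest[:16], members)
    print("damaged set flagged:", looks_corrupted(DAMAGED))
    print("control set flagged:", looks_corrupted(CONTROL))
```

Ciphertext produced from different originals should not collapse to a single core, so a flagged batch points to data that was overwritten rather than encrypted, which is a reason to preserve backups and original/encrypted pairs for the analyst.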

