Emsisoft releases a free decryptor for the JSWorm 4.0 ransomware

The Emsisoft malware team has just released a free decryptor for the JSWorm 4.0 ransomware. Thanks to Francesco Muroni who helped crack it.

If you have been infected with this ransomware, please download the free decryptor linked below. DO NOT PAY the ransom. A detailed guide is also included.

Emsisoft JSWorm 4.0 Decryptor

Emsisoft JSWorm 4.0 Decryptor

Technical details

JSWorm 4.0 is a ransomware than uses a modified version of AES-256, and RSA-4096 to encrypt files. ID-Ransomware has received over 100 confirmed submissions from around the world, including the US, Canada, Indonesia, Egypt, Germany, France and India. Files that have been encrypted by JSWorm 4.0 are appended with the file extension “[ID-<ID>][<email>].JSWRM”.

The ransomware also creates a ransom note titled “JSWRM-DECRYPT.hta”, which contains the following text:

“JSWRM 4.0.2

Your files are corrupted!

Identificator for files: [redacted]

E-mail for contact: symmetries@tutamail.com

Backup e-mail for contact : symmetries0@tutanota.com

Free decryption as guarantee!

Before paying you can request free decryption of 3 files.

Total size of files must be less than 5MB (non-archived).

Files shouldn’t contain valuable information (accept only txt\jpg\png).

Attention!

Don’t try to decrypt it manually.

Don’t rename extension of files.

Don’t try to write AV companies (they can’t help you).”

Successful JSWorm 4.0 Decryption

Successful JSWorm 4.0 Decryption

Contrary to what the ransom note says, AV companies can help you. If you have any questions, feel free to reach out.

The post Emsisoft releases a free decryptor for the JSWorm 4.0 ransomware appeared first on Emsisoft | Security Blog.



*** This is a Security Bloggers Network syndicated blog from Emsisoft | Security Blog authored by Jareth. Read the original post at: https://blog.emsisoft.com/en/33833/emsisoft-releases-a-free-decryptor-for-the-jsworm-4-0-ransomware/