Juicylemon Ransomware

Juicylemon Ransomware is a malicious application that was first discovered in May 2016. This ransomware program is distributed via malicious exploits, and users seldom understand that they are on a dangerous path before the infection actually takes place. Normally, we would urge users to delete Juicylemon Ransomware from their systems and shield their computers from similar intruders. However, in the case of this particular issue, there is nothing much left to remove because the program conveniently deletes itself once its job is done. Nevertheless, it leaves you to deal with severe infection consequences, as this ransomware follows the path of its predecessors and encrypts your files.

The infection takes place when the malicious installer file is dropped by the Angler Exploit kit. The installer lands either in the %APPDATA% or %TEMP% directories and from there, it immediately encrypts your files. During our test, the name of the installer file was WebCam.exe, and its icon is that of a pink folder with a few pictures in it. However, please note that the name of the installer file might be random, so it could differ from computer to computer. Also, you will notice that your files were affected by this infection at once because the program adds an extremely long extension to all the encrypted files. This extension contains email addresses and the Bitmessage address, so it basically summarizes the information this program displays in the ransom note.

This infection is not as explicit as other dangerous programs from the same category. Usually, severe ransomware infections either lock your screen or change your desktop’s wallpaper in order to make the infection look menacing. Needless to say, when suddenly your wallpaper changes to an image with a threatening message, it surely looks more menacing. So Juicylemon Ransomware does nothing of the kind. The program merely leaves an instruction file that supposedly tells you how you can restore your files. Needless to say, the instructions have nothing to do with the technical aspect of the encryption. It simply tells you how you can transfer the ransom payment. Here is an extract from the note:

Hello! We inform you that all of your files are encrypted!
But do not despair. Decryption is not possible with our help,
our help is not free and costs a certain amount of money.
To begin the process of recovery your files you need to write us an email, attaching an example of an encrypted file.

Further on, it gives you the email addresses you can use to contact the people who have infected you. Take note that there is primary email and additional email. It is common for ransomware applications to have at least two email addresses for communication because it is possible for the infection to lose connection with its command and control center. Also, maintaining malware servers is a costly affair, and it wouldn’t be surprising if they went down. On one hand, that would mean in some cases it would not be possible to contact the people who spread the infection. On the other hand, the implications are even worse because the connection might get interrupted AFTER you transfer the payment, and, as a result, you would not be able to receive the decryption key.

This is only one of the reasons we do not suggest paying the ransom. After all, you can restore your files from a backup, especially if you consistently back up your files on your external hard drive or some cloud storage. However, please note that it is not advised to transfer your files back into your computer until you have deleted all the potentially harmful pieces of software.

As mentioned, there is no need to remove Juicylemon Ransomware itself because the infection destroys itself automatically. Nevertheless, it still leaves particular files that need to be taken care of. In order to figure out which files need to be removed; you should scan your PC with the SpyHunter free scanner. It is very likely that you will find more unwanted applications on your computer.

Terminate all the potential threats and do all you can to protect your computer from other dangerous programs. If you require guidance, do not hesitate to contact us by leaving a comment below.

How to Delete Juicylemon Ransomware

1. Delete the RESTORE FILES.txt file from your desktop.
2. Remove the file from all the other directories in your system.
3. Empty your Recycle Bin.
4. Run a full system scan with a licensed antispyware tool.