Click on screenshot to zoom
Danger level 9
Type: Trojans
Common infection symptoms:
  • Installs itself without permissions

Jager Ransomware

Jager Ransomware is a malicious program that encrypts user’s data while using AES-256 and RSA-2048 encryption algorithms. The malware is capable of affecting a wide range of different file types. If it managed to enter the system and lock your data as well, we advise you to get rid of it as soon as possible. Our researchers could not find a proper sample for testing, so there is not much information about this threat. The main problem is that all samples, which our specialists managed to find are disconnected from the server. Apparently, this might mean that you will not get the decryption software even if you pay the ransom. Thus, we advise you erase the threat instead and recover your data from removable media or other storages. To delete Jager Ransomware, you should have a look at the instructions below as they will guide you through necessary steps.

Probably, the most popular way to distribute ransomware is sending infected files via Spam email or uploading them malicious web pages. Our researchers think that Jager Ransomware could be spread in both ways. Often such files look like software updates, installers, text documents, invoices, and so on. Some users risk their computer’s safety to open such data because they do not understand the risks. However, no matter how tempting the title sounds or that the file looks harmless, you should always delay opening suspicious email attachments or installers from file-sharing sites until they are scanned with trustworthy antimalware software.

If you opened a file that was infected with Jager Ransomware, the malware should have created a folder in the %APPDATA% directory. The file that might be named as Drive Manager Support, should contain an executable file called Videoplugin.exe inside it. After the infection places its data and settles in the system, it starts the encryption process. During it, the malicious application locks your personal data with AES-256 and RSA-2048 cryptosystems. It was noticed that the malware does not encrypt any data placed in the following folders: Application Data, AppData, Program Files (x86), Program Files, Temp, $Recycle.Bin, System Volume Information, Boot, Windows, ProgramData.

We already mentioned that Jager Ransomware can encrypt a lot of different file types. For example, if could lock any files that have these extensions: .DJV, .DJVU, .DOC, .DOCB, .DOCM, .DOCX, .DOT, .DOTM, .DOTX, .DTD, .DWG, .DXF, .EML, .EPS, .FDB, .FLA, .FLV, .FRM, .GADGET, .GBK, .GBR, .GED, .GIF, .GPG, .GPX, .GZ, .H, .HTM, .HTML, .HWP, .IBD, .IBOOKS, .IFF, .INDD, .JAR, .JAVA, .JKS, .JPG, .JS, .JSP, .KEY, .KML, .KMZ, .LAY, .LAY6, .LDF, .LUA, .M, .M3U, .M4A, .M4V, .MAX, .MDB, .MDF, .MFD, .MID, .MKV, .MML, .MOV, .MP3, and other.

Lastly, the malware should also open an HTML file called “Important_Read_Me.html.” The document does not provide many terms, but it names the price you would have to pay for the decryption key. Also, it says that users should contact the malicious program’s creators through email address. No doubt that the reply letter should tell you where to transfer the money and how much time you have to make the payment. We want to inform our readers that there is a chance you will not get the decryption key even if you pay the money on time. There are always cases when users lose their money to cyber criminals who only promise to decrypt their data.

Just to be safe, it would be best to get rid of the malware before you upload any new data. The good news is that we can help you eliminate Jager Ransomware. Firstly, remember what was the file that you launched before your data got encrypted. Once you delete this file, you should also erase Videoplugin.exe. If you check the instructions below, you will see the exact Videoplugin.exe location and also some suggested directories where the infected file could have been saved. If this seems too difficult or you simply want to be one hundred percent sure that the system is secure, you could delete the malware with a trustworthy security tool. It should be able to locate all malicious data on the computer. The best part is that the antimalware tool will allow you to erase all detections with just one mouse click.

Remove Jager Ransomware

  1. Open the Explorer (Win+E).
  2. Locate the malicious file that infected the system. It could be saved on the Desktop, Downloads, Temporary Files directory, etc.
  3. Right-click the infected file and select delete.
  4. Insert this location %APPDATA% into the Explorer and click Enter.
  5. Locate a folder named as Drive Manager Support, open it and find an executable file called Videoplugin.exe.
  6. Right-click Videoplugin.exe and select Delete.
  7. Close the Explorer and empty the Recycle bin.
Download Spyware Removal Tool to Remove* Jager Ransomware
  • Quick & tested solution for Jager Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.