Jack.Pot Ransomware

Even though Jack.Pot Ransomware is still in development mode, specialists have already found that it is a dangerous computer infection that can cause much harm. Theoretically, its final version might differ from the one our researchers have tested; however, there is no doubt that Jack.Pot Ransomware will not start acting somehow beneficially. According to specialists at pcthreat.com, just like all other threats that have been put into the category of ransomware infections, this malicious application also seeks to obtain money from users. Even though this beta version of Jack.Pot Ransomware also asks users to transfer money, there is no point in doing that because the Bitcoin address provided for transferring a ransom in Bitcoins is nothing more than a mix of random letters and numbers. In other words, it is fake, and it is impossible to transfer money to cyber crooks at the time of writing. Of course, the situation might change with the final version of this infection. You should not think about sending money to cyber criminals no matter which version of this malicious application you encounter. Instead, hurry to remove Jack.Pot Ransomware from your PC because this threat does not close or delete itself after it enters the computer and locks files it finds.

As you already know, Jack.Pot Ransomware is not finished yet and might slightly change; however, there is no doubt that it will continue encrypting users’ files in the future too. Research has shown that this threat targets files located in %USERPROFILE% and its subfolders. It scans these locations the second it is inside the computer and then encrypts files it finds there by appending .code, which is a filename extension. Once it finishes encrypting users’ personal files, it opens a window in full-screen containing a ransom note (see below). Unfortunately, it is not that easy to close this window in order to access Desktop.

*** jack.pot ***

All your important files are encrypted.

to decrypt your files, pay 3.0 BTC ~= 830 USD to the Bitcoin address:

QWmlJREgKgQjWSJ5KXef6SjunV7hMePt23

Judging from the message left on Desktop, cyber criminals expect you to transfer 3 Bitcoins for unlocking files. As has already been mentioned in the first paragraph, the underdeveloped version of Jack.Pot Ransomware contains a bad Bitcoin address, so it is impossible to send money to cyber criminals. According to our specialists, users should still not pay money for the decryption of files even though they encounter a final version of this ransomware infection. It is because the decryption key is very expensive, but there are no guarantees that you will get it. What you can do instead of paying money is to recover files from a backup. If you have never backed up your files, it means that you should wait for the decryption tool to be released by experts. Of course, it does not mean that you are allowed to keep Jack.Pot Ransomware.

Researchers have looked inside Jack.Pot Ransomware to check its code and now are sure that Jack.Pot Ransomware was first released on the 14th of March, 2016. Since it is quite a new computer infection, specialists cannot say much about its distribution yet. Of course, it is clear that it enters computers without permission. In most cases, ransomware infections are distributed in spam emails as legitimate-looking attachments but, of course, they are capable of entering computers in a different way too. For instance, it is known that ransomware infections might be dropped by Trojans. It is not always a piece of cake to prevent malware from entering the system. Therefore, our security specialists recommend installing reputable security software for those users who wish to have clean computers.

It is a must to remove Jack.Pot Ransomware no matter which version of this threat you have on your system because it will not allow you to access Desktop, it will keep scanning the %USERPROFILE% directory to find new files to encrypt, and, finally, it will keep connecting to its C&C server hosted on an IP address 52.58.55.93. Generally speaking, it will still perform different activities without your permission. To terminate this computer infection, you have to close the black window covering Desktop first. You can do that by pressing two buttons Alt+TAB and then killing the process of this malicious application. Unfortunately, it is not enough to do that to make it gone. The malicious file belonging to this infection has to be found and erased as well. It should be located in the Downloads folder (%USERPROFILE%\Downloads), but if you cannot find it there, you should go straight for the automatic removal with SpyHunter.

How to delete Jack.Pot Ransomware

1. Tap Alt+TAB to close the window opened by ransomware.
2. Tap Ctrl+Shift+Esc.
3. Click Processes.
4. Select the process of the ransomware infection.
5. Click End Process and close the Task Manager.
6. Delete the malicious file opened.