Jew Crypt Ransomware

Jew Crypt Ransomware was first spotted on 20 January 2017. One of the first infections took place in Belgium. However, its dissemination is not limited to this particular country as we have found that it can be distributed around the world. Nevertheless, it is in English only, so it might not be used in some Eastern European countries and Middle Eastern countries. This ransomware was designed to encrypt your files and demand that you pay money for the decryption key. Thankfully, this ransomware leaves the decryption key on your computer, and you can use it to decrypt your files. Therefore, you can remove this infection without hesitation. There are more things to tell about this ransomware, so if you got it on your PC, then please read this whole article.

At the time of this article, we do not know how this ransomware is disseminated, but we believe that it is likely that the developers of this ransomware distribute it through malicious emails that they sent from a dedicated email server. The email server is set to spam users with fake emails that masquerade as legitimate business correspondence, receipts, invoices, tax return forms, and so on. The emails try to trick you into opening the attached file which will infect your PC with Jew Crypt Ransomware immediately. Nevertheless, this ransomware might also be distributed using other distribution methods. Another popular method used for infecting computers of unwary users is to use exploit kits such as the Angler Exploit kit that exploits JavaScript and Flash vulnerabilities found on various websites. No matter the distribution method, this ransomware is set to infect your computer secretly.

If it manages to infect your computer successfully, then it will run automatically and start doing its dirty work. Our research has revealed that it consists of one executable file that can be named Crypto.exe or ransomware_mail2tor_com.exe. It can be placed in a random hidden folder deep inside your computer’s operating system. Nevertheless, we suggest you start looking for this executable in C:\WinSec because this location hosts the decryption key is a text file named key.txt. While the sample we have tested demanded that we pay 0.01 BTC (9.23 USD), you got the decryption key free of charge be looking in key.txt. The default decryption key is “JewsDid911, ” but it might have a different key because we have learned that Jew Crypt Ransomware has more than one iteration.

The sample that we tested, in particular, did not actually encrypt any files which lead us to believe that it might not do the same for you. Testing has revealed that it does not connect to its command and control server which leads us to believe that it is currently down. In fact, it seems that Jew Crypt Ransomware is still not finished because if features “label4” and “label5” boxes in the interface window which represent VB (Visual Basic programming language).

The cyber criminals expect you to pay the ransom within a week. If you fail to do so, they say that they will delete your files. However, if you send the payment, you also have to write them a message to ransom@mail2tor.com with a unique transaction key and, allegedly, you will receive your decryption key. However, there is a good chance that you will not get the decryption key and, therefore, we suggest that you remove this application altogether.

In closing, Jew Crypt Ransomware is just another ransomware-type malware that can encrypt your personal files. Its developer has left the decryption key on your PC, and you can make use of it and decrypt your files. However, you need an application that could read the decryption key and decrypt the files. We suggest you wait for a free decryption tool to appear and remove Jew Crypt Ransomware before it deletes your files. We recommend using SpyHunter as testing has shown that it can detect and eradicate this infection without difficulty.

How to remove Jew Crypt Ransomware

1. Open your browser.
2. Go to http://www.pcthreat.com/download-sph
3. Download SpyHunter-Installer.exe
4. Run the Installation Wizard.
5. Launch the program once it is installed.
6. Select Scan Computer Now! And let is scan the PC.
7. Once the scan is complete, click Fix Threats.