Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Jack Ransomware

Jack Ransomware is a malicious computer infection, and users often do not realize how they get infected with it. It is usually possible to avoid installing Jack Ransomware on your computer, but it requires awareness from potential victims. We must educate ourselves about the ways these infections spread. It doesn’t look like the ransomware epidemic will end any time soon, so after you remove Jack Ransomware, you might get attacked by another similar infection. To avoid that, we have to learn more about these programs. Therefore, please continue reading this description to find out how ransomware programs spread and how we can stop them.

Our research team says that this program probably spreads through spam email or corrupted RDP connections. If you use Remote Desktop Protocol applications to connect to a network, you have to make sure that the network configuration is safe and that you do not accept messages that carry suspicious files from unknown senders.

Sometimes, social engineering campaigns make use of actual user accounts to spread dangerous content. So you might receive a message even from someone you know if their account has been hacked. Thus, you need to check whether the message that comes with the file is legitimate. If the wording is odd, if you haven’t been looking forward to receiving something from that person, the chances are that the file that comes along is malicious and you will get infected with Jack Ransomware or any other similar program.

The same applies to spam emails, too. While most of the spam emails get filtered into the Junk folder, the more sophisticated ones land in the main inbox, and users get tricked into downloading and opening the attached files. That’s because the files often look like legitimate documents, and the message in the spam email urges them to open those documents immediately. However, if you do that, you automatically get infected with Jack Ransomware, too.

Jack Ransomware is not the first ransomware infection out there, of course. It also comes from a known group of similar programs. We call them the Crysis or Dharma Ransomware family. Programs in this group are all similar, and they often use the same text for their ransom notes. Usually, the main things that differ are the title of the infection and the extension that the program in question appends to the affected files.

For example, when Jack Ransomware encrypts your files, the program appends this string to the file name: id-0X0X00X.[lockhelp@qq.com].jack. The 0X0X00X stands for a unique infection ID that will be different across all the systems that were attacked by this program. By generating unique IDs, these criminals can recognize individual infections if the users end up contacting them. And users are told to contact the criminals through the ransom note that Jack Ransomware displays in a pop-up. Here’s what the ransom note has to say:

A11 FILES ENCRYPTED “RSA1024”
A11 YOUR FILES HAVE BEEN ENCRYPTED!!! IF YOU WANT TO RESTORE THEM, WRITE US TO THE E-MAIL lockhelp@qq.com.
IN THE LETTER WRITE YOUR ID, YOUR ID [unique ID]
IF YOU ARE NOT ANSWERED, WRITE TO EMAIL: lockhelp@qq.com

Now, what is this ransom note for? When Jack Ransomware enters your computer, it launches file encryption. As a result, the program locks up your personal files by scrambling the byte information within each file. When the file is encrypted, the system cannot read it anymore. Then, Jack Ransomware says that if you contact its developers, they can issue the decryption key. Needless to say, you are expected to pay for this decryption, and we don’t know how much exactly the ransomware expects you to pay because the ransom price isn’t indicated.

You need to ignore these demands. Paying the ransom fee would not help you retrieve your files because there is no guarantee that the criminals would issue the decryption key in the first place. You need to remove Jack Ransomware right now instead of considering paying these criminals.

It is possible to restore your files if you have a file backup. We’re talking about copies of your files you might have saved on an external hard drive or a cloud drive, or someplace else. If you have that, then there’s no problem. If you do not have a file backup, please consult a professional for other file recovery options.
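To work out which files need restoring from backup, the naming pattern described above (id-0X0X00X.[lockhelp@qq.com].jack) can be used to inventory the renamed files. The following PowerShell is an added example, not part of the original article; the function name, the sample file names and IDs, and the assumption that the ID is alphanumeric are all illustrative.

```powershell
# Added example (not from the original article). Read-only: it lists files, changes nothing.
# Assumption: the infection ID is alphanumeric; the article shows only the placeholder 0X0X00X.
$JackPattern = '(?:^|\.)id-(?<Id>[0-9A-Za-z]+)\.\[(?<Contact>[^\]]+)\]\.jack$'

function Get-JackRenamedFile {
    param([Parameter(Mandatory)][string[]]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $m = [regex]::Match($_.Name, $JackPattern, 'IgnoreCase')
            if ($m.Success) {
                [pscustomobject]@{
                    InfectionId  = $m.Groups['Id'].Value
                    Contact      = $m.Groups['Contact'].Value
                    OriginalName = $_.Name.Substring(0, $m.Index)   # name to look for in the backup
                    Directory    = $_.DirectoryName
                    SizeBytes    = $_.Length
                }
            }
        }
}

# Constructed sample tree (file names and IDs are made up for the demonstration).
$demo = Join-Path ([IO.Path]::GetTempPath()) ("jack-demo-" + [guid]::NewGuid())
[void][IO.Directory]::CreateDirectory((Join-Path $demo 'docs'))
$names = 'docs\budget.xlsx.id-1A2B3C4D.[lockhelp@qq.com].jack',
         'docs\photo.jpg.id-1A2B3C4D.[lockhelp@qq.com].jack',
         'docs\notes.txt',            # untouched file, must not be reported
         'docs\jack.id-card.pdf'      # look-alike name, must not be reported
foreach ($n in $names) { [IO.File]::WriteAllText((Join-Path $demo $n), '') }

$hits = Get-JackRenamedFile -Path $demo
$hits | Format-Table InfectionId, Contact, OriginalName -AutoSize
$hits | Group-Object InfectionId | Select-Object Name, Count

Remove-Item -LiteralPath $demo -Recurse -Force
```

On a real system, pass the user profile or data drive as `-Path` and pipe the result to `Export-Csv` to keep a restore checklist.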

How to Delete Jack Ransomware

  1. Access these directories with the Win+E command:
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
    %WINDIR%\System32\
    %APPDATA%\
  2. Remove the Info.hta file from the directories.
  3. Press Win+R and type regedit. Click OK.
  4. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  5. On the right, right-click and delete the values that have “Info.hta” in their paths.
  6. In the same key, right-click and delete the value with a random-name EXE file.
  7. Press Win+E and access these directories:
    %WINDIR%\System32\
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
  8. Remove a random-name EXE file from the directories.
  9. Run a full system scan with SpyHunter.
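
The manual checks in steps 1 to 8 can be previewed with a read-only audit before anything is deleted. This PowerShell is an added example, not part of the original guide; the function names are hypothetical, and treating an invalid or missing Authenticode signature as the marker of a "random-name EXE" is an assumption of this sketch.

```powershell
# Added example (not from the original guide). Reports candidates only; deletes nothing.
$StartupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
    "$env:ALLUSERSPROFILE\Microsoft\Windows\Start Menu\Programs\Startup"
    "$env:ALLUSERSPROFILE\Application Data\Microsoft\Windows\Start Menu\Programs\Startup"
)
$OtherDirs = @("$env:WINDIR\System32", "$env:APPDATA")
$RunKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function New-Finding($Step, $Item, $Detail) {
    [pscustomobject]@{ Step = $Step; Item = $Item; Detail = $Detail }
}

function Get-SignatureStatus([string]$File) {
    if (Test-Path -LiteralPath $File) { (Get-AuthenticodeSignature -LiteralPath $File).Status }
    else { 'FileMissing' }
}

function Get-JackRemovalCandidate {
    # Steps 1-2: Info.hta directly inside any listed directory (no recursion).
    foreach ($dir in $StartupDirs + $OtherDirs) {
        Get-ChildItem -LiteralPath $dir -Filter 'Info.hta' -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object { New-Finding '1-2' $_.FullName 'Info.hta file' }
    }
    # Steps 4-6: Run values that reference Info.hta or launch an EXE.
    $key = Get-Item -LiteralPath $RunKey -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($data -match 'Info\.hta') {
                New-Finding '5' "$name = $data" 'Run value pointing at Info.hta'
            }
            elseif ($data -match '^\s*"?(?<exe>[^"]+?\.exe)') {
                # Assumption: only targets without a valid signature are listed for review.
                $sig = Get-SignatureStatus $Matches['exe']
                if ($sig -ne 'Valid') { New-Finding '6' "$name = $data" "EXE signature: $sig" }
            }
        }
    }
    # Steps 7-8: Startup folders normally hold shortcuts, so any EXE there is worth review.
    foreach ($dir in $StartupDirs) {
        Get-ChildItem -LiteralPath $dir -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object { New-Finding '7-8' $_.FullName "EXE signature: $(Get-SignatureStatus $_.FullName)" }
    }
}

Get-JackRemovalCandidate | Format-Table -AutoSize -Wrap
```

An EXE in %WINDIR%\System32 is reported only when a Run value points at it, so review that directory manually as step 8 describes if the Run entry has already been removed.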