JackSparrow Ransomware

No, JackSparrow Ransomware has nothing to do with the ‘Pirates of the Caribbean’ franchise. It is hard to understand why the attackers behind this infection decided to use this name, but perhaps there is no point in trying to understand that at all. The truth is that there are now thousands of ransomware threats, and most of them have unique names, which means that it is becoming more and more challenging for cybercriminals to come up with these names. Of course, in most cases, they do not actually name their threats, and they express their imagination through the extensions that are added to the files that are corrupted by ransomware. Then, malware analysts name the threats based on these extensions. The threat we are discussing in this report does not use a unique extension (“.encrypted”), but it launches a window entitled “JackSparrow,” and that is where the name comes from. In this report, we explain how to remove JackSparrow Ransomware from our operating system, and if you are interested, you should continue reading.

According to our malware experts, JackSparrow Ransomware is a variant of CryptoWire Ransomware. It is not uncommon at all to see infections that are based on others, and that does not even mean that the same cybercriminals are responsible for all of them. If a malware code is made public, or if it is sold online, anyone can use it to build their own versions. The distribution of this malware is hard to discuss because the attackers could use different methods. Of course, spam emails and malicious downloaders are employed in most cases, and if you do not want to have to worry about the removal of malware, it is crucial that you do not interact with spam emails and suspicious downloaders. If you are fooled, and if your system is not equipped to identify and delete malware the moment it slithers in, your personal files are corrupted without you knowing about it. On top of that, JackSparrow Ransomware has an auto-start function, which means that it can encrypt files even after the initial attack.

The “JackSparrow” window that JackSparrow Ransomware launches after files are encrypted introduces the victim to a message. According to it, the AES-256 encryptor was used to “protect” your files, your backups were “neutralized,” and now you have to contact “your IT support department.” This is all a bit confusing because the message suggests that your files are protected, but it also instructs to pay a ransom of 100 XMR – which is around $7,500 – in return for a decryption key. Although you might be confused, we can assure you that you are dealing with cybercriminals. They want you to pay a ransom, and they instruct you to email jacksparrow@protonmail.com to receive payment instructions. We do not advise contacting the attackers behind JackSparrow Ransomware because this could lead to bigger problems. Are you willing to pay the huge ransom? We suggest keeping your money to yourself because it is very unlikely that you would obtain a decryptor in return for it. Unfortunately, free decryptors for this malware do not exist, and if you do not have copies of the encrypted files stored someplace safe, you might be unable to get them back.

If you have copies of your personal files stored in a safe place, you can replace the files corrupted by the devious JackSparrow Ransomware, but note that this malware needs to be removed first. If you connect to your cloud storage or external drives, they could be affected too, and if you transfer the copies of your files onto your computer, they could be encrypted as well. So, delete JackSparrow Ransomware first. The instructions below list the elements of this malware, but some of these elements have random names, and so if you cannot identify them, removing the ransomware manually can be too difficult. What’s the alternative, you ask? We suggest implementing anti-malware software. Besides offering automated malware removal services, it also can reinforce Windows protection, which is very important because, as you know, there are thousands of file-encrypting ransomware threats that you need to protect yourself against. If there is anything else you would like to discuss with our research team, do not hesitate to leave a comment below.

JackSparrow Ransomware Removal

1. Simultaneously tap Win and E keys to access the File Explorer.
2. Enter %COMMONPROGRAMFILES% into the quick access field.
3. Right-click and Delete these ransomware components:
   • {random name}.exe (the launcher)
   • log.txt
   • 1900996101
   • 10169900911016990091
4. Enter %WINDIR%\System32\Tasks\ into the quick access field.
5. Right-click and Delete the task created by the ransomware called 1016990091.
6. Empty Recycle Bin and then perform a thorough system scan using a malware scanner.