
Guide to Remove Jokeroo Ransomware Virus from the system

Jokeroo Ransomware is a RaaS that lets subscribers (cyber criminals) buy a membership package, create Ransomware versions & use them to earn ransom.



  1. How to Remove Jokeroo Ransomware – Virus Removal Guide

     Jokeroo is the name of a Ransomware-as-a-service that appeared on underground hacking sites in March 2019. It is a recent, menacing member of the Ransomware family that uses Twitter & other social networks for its propagation. The Jokeroo crypto virus initially posed as a variant of the notorious GandCrab Ransomware & appeared on a malicious website, Exploit.in. Surprisingly, the developers changed its name to Jokeroo Ransomware as a service & began to advertise it on the Twitter social network.

  2. Threat Summary

     Name: Jokeroo
     Type: Ransomware
     Category: Malware
     Operating System Impacted: Windows
     Targeted Browser: Google Chrome, Internet Explorer, Mozilla Firefox

     Understanding what is RaaS (Ransomware-As-A-Service)

     A RaaS or Ransomware-As-A-Service appears when a developer creates a Ransomware & its payment site with the sole motive of allowing affiliates to buy a membership package & sign up to distribute their own versions of this ransomware. According to the deal signed between the developer & the affiliates, the ransom amount received from the victims is distributed between them. Jokeroo Ransomware, now being sold as a service to cyber criminals, facilitates the creation of customized versions of this Ransomware virus by offering its subscribers (cyber criminals) multiple membership packages. With access to a fully designed Ransomware & its payment server, numerous versions of this Ransomware with different names are now being created.

     Jokeroo Ransomware Faked an Exit Scam Recently

     The Tor (The Onion Router) sites for the Jokeroo Ransomware began to display a note on 7th May 2019. The note stated that the Royal Thai Police together with the Dutch National Police & Europol had seized Jokeroo's server, rendering the Ransomware inoperative. Later, it was found that Jokeroo RaaS had faked the notice of being seized & performed an exit scam.

  3. The Content of the Jokeroo Exit Scam read as follows-

     What Jokeroo Ransomware RaaS offers to its Affiliates?

     Jokeroo Ransomware made its first appearance on a hacking forum named Exploit.in, where it masqueraded as a variant of GandCrab Ransomware. Soon, its developers turned it into a RaaS and renamed it Jokeroo Ransomware as a service. They started promoting it on Twitter. Jokeroo offered an autonomous service to the affiliates where they could buy RaaS membership packages ranging from $90 to $600. Below are the benefits that an affiliate paying $90 gets –

  4. Depending on the membership package chosen, the affiliates could customize the Ransomware by choosing the extension, creating their own ransom note & earning up to 85%-100% of the ransom payments. Other perks earned by affiliates that purchase a $300 to $600 membership package include –

     • Salsa20 Encryption Method
     • Ransomware Variants
     • Crypto Currency Payment Methods

     Once the affiliates have made the payment, they gain access to the admin dashboard – jokeroodgo3ylved.onion/dashboard.php. The main dashboard for this RaaS displays the amount earned by Jokeroo so far. It gives the affiliates quick access to the list of victims, the time when they were infected & the payment status. Other sensitive information that the affiliates could access includes the IP Address, Windows Version & geographic location of the Victims.

     Threat Behavior of Jokeroo RaaS

     Once the Jokeroo Ransomware has infected the system, it uses the AES or Salsa20 Encryption Algorithm to encrypt user & system files. The files are renamed with a customized extension (given by affiliates who bought the RaaS) & thus made unavailable to the victims. The files encrypted by the Ransomware include-

     • Document files (.docx, .doc, .odt, .rtf, .text, .pdf, .htm, .ppt)
     • Audio Files (.mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4)
     • Video Files (.3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob)
     • Images (.jpg, .jpeg, .raw, .tif, .gif, .png)
     • Backup Files (.bck, .bckp, .tmp, .gho)

  5. The Ransomware may further make entries in the Windows Registry to launch the crypto-virus automatically after every system reboot. The ransom note for Jokeroo is not fixed, as the affiliates who buy the RaaS customize the ransom message. The note asks users to pay the ransom amount in currency or Bitcoin(s) via the payment method chosen by the affiliates. Victims are advised not to pay the ransom amount, as there is no guarantee that the encrypted files will be restored after the payment is made. Instead, users should be vigilant while clicking on e-mails & content found on the internet. The intrusion of Ransomware may be avoided by implementing certain security measures while surfing & downloading files from the internet.

     Distribution Techniques

     Jokeroo may propagate its infection through various other distribution methods. These may include -

     • Exploit Kits
     • Spam E-Mail Campaigns
     • Infected Network File-Sharing Services
     • Zipped Java Script Attachments

     The cyber threat actors often insert an infected executable file or a malicious hyperlink into a spam e-mail. In addition, they pretend to be associated with some reliable organization, thus giving a legitimate look to the spam e-mail. A mere click on such e-mails could download & install the menacing Jokeroo on your system.

     Visit the Resource Link given below for more information.

     Resource Link: https://www.virusremovalguidelines.com/ransomware/how-to-remove-jokeroo-ransomware-virus-removal-guide
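Because the extension is chosen by each affiliate, a triage check cannot match one fixed name. The sketch below is an added example, not part of the original presentation: it flags any unknown extension that shows up repeatedly after one of the targeted file types listed above. It assumes the custom extension is appended after the original one (the guide says only that files are renamed); the paths and `.jkr0` are constructed sample values.

```python
from collections import Counter
from pathlib import PureWindowsPath

# File types the guide lists as encryption targets.
TARGETED = {
    ".docx", ".doc", ".odt", ".rtf", ".text", ".pdf", ".htm", ".ppt",
    ".mp3", ".aif", ".iff", ".m3u", ".m4u", ".mid", ".mpa", ".wma", ".ra",
    ".avi", ".mov", ".mp4", ".3gp", ".mpeg", ".3g2", ".asf", ".asx", ".flv",
    ".mpg", ".wmv", ".vob", ".jpg", ".jpeg", ".raw", ".tif", ".gif", ".png",
    ".bck", ".bckp", ".tmp", ".gho",
}
# Suffixes ordinary tools append to user files (constructed allowlist).
BENIGN = {".bak", ".part", ".lnk"}

def appended_extension(path, benign=BENIGN):
    """Return the extra suffix of '<name>.<targeted>.<extra>', else None."""
    suffixes = [s.lower() for s in PureWindowsPath(path).suffixes]
    if len(suffixes) < 2 or suffixes[-2] not in TARGETED:
        return None
    extra = suffixes[-1]
    if extra in TARGETED or extra in benign:
        return None
    return extra

def suspicious_extensions(paths, min_files=3, benign=BENIGN):
    """Map each unknown appended extension to its count, if seen often enough."""
    counts = Counter(
        ext for p in paths if (ext := appended_extension(p, benign))
    )
    return {ext: n for ext, n in counts.items() if n >= min_files}

# Constructed file listing, e.g. exported from a file server audit.
SAMPLE = [
    r"C:\Users\a\Documents\report.docx.jkr0",
    r"C:\Users\a\Documents\budget.pdf.jkr0",
    r"C:\Users\a\Pictures\trip.JPG.jkr0",
    r"C:\Users\a\Music\song.mp3.jkr0",
    r"C:\Users\a\Documents\draft.v2.docx",
    r"C:\Users\a\Downloads\setup.tar.gz",
    r"C:\Users\a\Documents\old.doc.bak",
    r"C:\Users\a\Documents\notes.rtf",
]

if __name__ == "__main__":
    print(suspicious_extensions(SAMPLE))
```

A hit is only a lead for investigation: confirm by checking whether the flagged files still open and whether a ransom note sits alongside them.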
