CryptoJoker is No Laughing Matter

New Ransomware Demands Ransom in Bitcoins to Get Your Files Back

With a new year come new challenges, new hopes, new resolutions, and of course, new ransomware. The newest discovered ransomware, called CryptoJoker, proves to be anything but amusing to its victims. Although it doesn’t appear to have been widely distributed as of yet, it is an entirely functional ransomware that could see increased distribution in the future.

Beware of unknown emails

IT security experts cannot stress enough how important it is NOT to open emails from unknown sources, but sometimes the curiosity these mystery emails provoke is just too much for us to resist. Because this ransomware is disguised as a PDF file, it is thought more than likely that CryptoJoker is being distributed via an email phishing campaign, and you can bet that the subject is not “the PDF file attached to this email is just ransomware in disguise”. Unfortunately, these cybercriminals are a lot smarter than that.

How it works

CryptoJoker encrypts files with AES-256 and demands a ransom in bitcoins to get them back. Once the installer is executed, it will download or generate several executables in the %APPData% folder and %TEMP% folder. These files will perform several tasks that include:

  • Sending your information to the Command and Control server
  • Polling for active Regedit or Taskmgr processes and terminating them
  • Ensuring that the lock screen remains visible on top of other active windows

When CryptoJoker encrypts your data, it scans all of your drives, including mapped network drives on your computer, for files with certain extensions. When it finds a targeted extension, it will encrypt the file and change the filename so it has a ‘.crjoker’ extension appended to it. For example, Vacation.jpg would become Vacation.jpg.crjoker.

While CryptoJoker is encrypting your data, it will also send your information to the Command & Control server located at server6.thcservers.com. This information includes the date, your hostname, username, and machine name.
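The two indicators described above (the ‘.crjoker’ extension and the Command & Control hostname) can be turned into a quick triage check. The Python below is an added example, not part of the original article; the sample directory tree, workstation names and DNS log format are constructed for illustration.

```python
import os
import re
import tempfile

ENC_SUFFIX = ".crjoker"              # extension named in the article
C2_HOST = "server6.thcservers.com"   # C2 host named in the article
# Match the host only as a whole name, so "xserver6.thcservers.com" or
# "server6.thcservers.com.example.net" do not count as hits.
C2_RE = re.compile(r"(?<![\w.-])" + re.escape(C2_HOST) + r"(?![\w-]|\.[\w-])", re.I)

def find_encrypted(root):
    """Return sorted (encrypted_path, original_name, original_still_present)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for name in files:
            if name.lower().endswith(ENC_SUFFIX) and len(name) > len(ENC_SUFFIX):
                original = name[:-len(ENC_SUFFIX)]
                hits.append((os.path.join(dirpath, name), original,
                             original.lower() in present))
    return sorted(hits)

def c2_lookups(log_lines):
    """Return the log lines that reference the C2 host as a whole name."""
    return [ln for ln in log_lines if C2_RE.search(ln)]

def demo():
    # Constructed sample data: a throwaway tree and made-up DNS log lines.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "share", "photos"))
        for rel in ("share/photos/Vacation.jpg.crjoker", "share/report.docx",
                    "share/notes.txt", "share/notes.txt.crjoker"):
            open(os.path.join(root, *rel.split("/")), "w").close()
        files = [(os.path.relpath(p, root).replace(os.sep, "/"), o, k)
                 for p, o, k in find_encrypted(root)]
    dns = ["2016-01-05T09:12:01 host=WS-014 query=server6.thcservers.com. type=A",
           "2016-01-05T09:12:07 host=WS-014 query=www.example.com type=A",
           "2016-01-05T09:13:40 host=WS-022 query=server6.thcservers.com.example.net type=A"]
    return files, c2_lookups(dns)

if __name__ == "__main__":
    print(demo())
```

Run `find_encrypted` against each drive or mapped share to scope which folders were hit; a `True` in the third field means a copy under the original name sits beside the encrypted file.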

Currently, there is not a known free method to decrypt files that have been encrypted by CryptoJoker. You must simply keep all of your files backed up and ready to recover, in order to avoid losing access and having to pay the ransom fee.

Contact LAN Infotech at (954) 717-1990 or send us an email at sales@laninfotech.com to find out about our managed IT services. We’ll keep all of your files safe against any type of malware.
