In previous blogs, we have discussed different types of ransomware. Apart from the cryptovirological strain that encrypts the stored data on the targeted device, some less-seasoned cybercriminals use malicious codes that only lock down the computer screen. A new ransomware with the peculiar name of ‘ JeFf thE rAnSOmwArE v1.0 ’ has been discovered on the cyber horizon that only locks the screen of the affected device.
However, the ransom note appears on the locked screen claims that all the files on the targeted device have been encrypted (not true). A creepy-looking custom-made GUI interface also appears on the screen asking the users to click on the image to find out what happened to their device. It is important to mention that the ransom note doesn’t mention the amount operators of this screen locker are asking for ransomware removal.
According to initial investigations by security experts, this locker ransomware is delivering its payload through malicious scripts existing on the World Wide Web. Therefore, avoid surfing websites that are not appended with the prefix ‘https’.
JeFf thE rAnSOmwArE v1.0 also infiltrates Windows Registry
This locker strain also infects the Windows Registry. This is the reason why the cryptovirological script automatically runs every time the affected device is switched on. Experts advise against the payment of ransom to the operators for ransomware removal. In case of locker ransomware attack, engaging with attackers becomes more pointless since no file is locked down in the process.
The security experts who discovered the strain suggests that the script might still be in its developing phase and the developers can add the feature of encryption at latter stages. Whether your device has been affected by a locker ransomware or encryption ransomware, the best way to deal with cryptovirological attacks is to call for the help of ransomware removal experts.
