Experts at Emsisoft malware research team released a decrypter for a recently discovered ransomware tracked as JSWorm 2.0.
JSWorm 2.0 is written in C++ and implements Blowfish encryption. The first version of the malware was written in C# and used the “.JSWORM” extension. Researchers believe both versions were developed by the same author.
Researchers found notable callouts in two different malware samples naming ID Ransomware and several prominent malware researchers:
“:HI SIRI, DEMONSLAY AND AMIIIIGO!!! HOW ARE YOU?”
“:ID-RANSOMWARE, IT’S JUST THE BEGINING [sic] OF SOMETHING NEW…”
Experts pointed out that there have been multiple confirmed submissions to the online service ID Ransomware that allows victims to upload their encrypted files to identify the
“Its files have the “.[ID-<numbers>][<email>].JSWORM” extension and the ransom note file named “JSWORM-DECRYPT.txt.”” reads the post published by Emsisoft.
Once infected a computer, the JSWorm 2.0
Victims of the JSWorm ransomware have to follow the instructions below to decrypt their files for free: