Do you know what JesusCrypt Ransomware is?
JesusCrypt Ransomware does not need your permission to slither into your operating system, but it does need an invitation. According to our researchers, the executor of this malicious threat could be introduced to Windows users via email, using malicious downloaders, or with the help of RDP backdoors. If you open the email attachment, download the malicious files, or leave your remote access vulnerable, you extend an invitation for malware to slither into your operating system and wreak havoc. Since you are reading this report, the chances are that your personal files were encrypted already. The threat can encrypt 125 different types of files (including .doc, .gif, .pdf, .jpg, .avi, .mov, .zip, .rar, etc.), and when it does that, the additional “.jc” extension is appended to their names. Do not delete this extension, because that is a waste of time. Instead, use the time to remove JesusCrypt Ransomware.
Unlike some file-encrypting infections, JesusCrypt Ransomware has named itself. Once it slithers in and encrypts files, a window is launched, and the words “Jesus Crypt” are displayed in large font. The window presents a message that informs you about your files getting encrypted. It also states that you have the chance to restore your files by contacting the creator of the infection via email. The email address is sirer1@protonmail.com, and we do not recommend sending a message to it. Why? To put it simply, you do not know what cybercriminals could expose you to via email. Remember that JesusCrypt Ransomware itself is believed to spread with the help of misleading spam messages, and so if you want to ensure that new infections cannot reach you, you need to think carefully if contacting the attackers is a good idea. Furthermore, if you contact them, they will ask to pay a ransom, and we doubt that your money would be exchanged for a decryption tool or whatever else the attackers might promise.
JesusCrypt Ransomware screenshot
Scroll down for full removal instructions
JesusCrypt Ransomware also creates a file named “READ_IT.txt” on the Desktop, and the message inside this file informs that you must pay a ransom of $200 to have your files restored. Even if you think that that is a ransom you can handle, keep in mind that cybercriminals cheat and lie, and no one can force them to hand you the decryptor after the payment. JesusCrypt Ransomware was created using the Hidden-Tear source code, and so it is grouped with TrumpHead Ransomware, BSS Ransomware, SnowPicnic Ransomware, ShutUpAndDance Ransomware, and hundreds of other infections that were built using that same code. Regardless of which one of these threats you face, we do not recommend paying the ransom. The unique thing about JesusCrypt – when compared to these other threats – is that it can kill processes of any program with a window, which means that it can kill browsers, the Task Manager, etc. That, unfortunately, might make the removal of the threat very difficult.
In theory, you should be able to open the Task Manager and use the running process of JesusCrypt Ransomware to find the launcher. In reality, the Task Manager is likely to be automatically closed the moment you open it. So, if you can use the tool, go ahead and find the malicious process and use it to track the malicious .exe file. The process must be terminated, and the file must be removed. If you cannot delete JesusCrypt Ransomware manually, why not install a legitimate anti-malware tool? If you cannot use a browser to download the tool, and you are also prevented from executing it, you might not be able to perform automatic removal. Of course, you can always use Safe Mode, but it appears that the threat does not have an autostart function, and so once you restart the computer, you should be able to do whatever you need to perform successful removal.
Remove JesusCrypt Ransomware
- Restart the computer.
- Find the {unknown name}.exe file that is the launcher.
- Right-click the file and Delete it.
- Move to the Desktop and find the READ_IT.txt file.
- Right-click the file and Delete it.
- Empty Recycle Bin.
- Install a malware scanner to check for potential leftovers.
In non-techie terms:
The devious JesusCrypt Ransomware slithers into those systems that are unguarded and vulnerable. Therefore, if your system was not infected yet, you need to make sure that you secure it immediately. If you do not face JesusCrypt specifically, you still could face one of the thousands of file-encryptors that are active today. If the threat got in already, you need to perform removal as soon as possible. At the time of research, the infection was still in development, and so we cannot predict how difficult or easy it would be to delete JesusCrypt Ransomware. In theory, you might have to reboot Windows to Safe Mode to eliminate the infection manually or install software that could delete it automatically. Unfortunately, regardless of how you remove the threat, you are unlikely to restore your personal files. However, if you have copies of files stored in backup, you can use them to replace the encrypted files after removal.