JuicyLemon Ransomware Removal Guide

Do you know what JuicyLemon Ransomware is?

JuicyLemon Ransomware is an obnoxious infection that can slither into your Windows operating system without any warning. According to our research, this malicious threat is currently spread using the Angler Exploit Kit, and its executable is downloaded to either the %APPDATA% or the %TEMP% folder. This .exe file is represented with an icon of a purple folder, and its name is misleading (e.g., WebCam.exe) to make it more difficult for you to detect and delete it. If you remove the JuicyLemon Ransomware file before it initiates file encryption, you might be able to stop all malicious processes. Unfortunately, because this threat is spread silently, most users realize that it is active only after their personal files get encrypted. When that happens, the malicious ransomware automatically deletes itself, and there is little to be done. Of course, there are things that need to be discussed, and we suggest reading this report.

According to our research, JuicyLemon Ransomware is a fairly new infection, and we are hopeful that not many users have fallen victim to it. It is extremely important to keep yourself guarded against this threat because it can encrypt personal files, and this is one of the worst things that can happen because decrypting these files is often impossible. Once the ransomware is done encrypting files, it creates a text file on the Desktop with a completely random name (e.g., P1AD0H2NPVY3MARJT.txt). This text file represents the demands of the creators of this malicious ransomware. Users are instructed to contact cyber criminals via one of the available emails (support@juicylemon.biz or provectus@protonmail.com) or using the Bitmessage system. Once you communicate with cyber criminals (and you should not do that using your main email address), you will receive additional instructions on how to pay a ransom. Whether the ransom demanded for the decryption services is small or big, you have to think carefully about paying it as there is a risk that your payment will be taken with nothing in return.

The files that JuicyLemon Ransomware encrypts gain a monstrous extension, “.id-[RANDOM ID]_email1_support@juicylemon.biz_email2_provectus@protonmail.com_BitMessage_BM-[address]”. As you can see, this extension contains the same email addresses and the Bitmessage system address that you are asked to use for contact via the text file. Of course, this extension is highly visible, and it should not take long for you to detect it. If you try opening files with this extension, you will fail, and, if you remove the extension, the file will remain encrypted. Every folder containing encrypted files also contains the "RESTORE FILES.txt" file that carries the exact same message as the text file with a random name on your Desktop. Following the demands represented via these messages is dangerous because any contact with cyber criminals might lead to security issues. In the worst case scenario, you will pay the ransom only to find that your files remain encrypted. Unfortunately, many users take the risk because they have no other way to decrypt their files. The disclaimer within the text files indicates that using third-party decryption tools will lead to the damage of your files, but we advise looking into them.

As mentioned previously, JuicyLemon Ransomware deletes itself once the files are successfully encrypted. Our instructions show how to check the main locations where this infection hides just in case it fails to eliminate itself. You also need to erase the "RESTORE FILES.txt" files, and there could be a ton of them. Once you erase this infection from your operating system, it is crucial to scan it with a malware scanner you can trust to see if your operating system is clean. Even if it is, you HAVE to implement reliable anti-malware software to ensure full-time protection; otherwise, dangerous threats could slither in before you know it. Need more answers? Post your questions into the comment box below.

Delete JuicyLemon Ransomware

  1. Launch Explorer (tap Win+E keys simultaneously).
  2. Enter %TEMP% into the address bar.
  3. Delete the file with a purple folder (e.g., WebCam.exe).
  4. Enter %APPDATA% into the address bar.
  5. Follow step 3.
  6. Check all directories and folders to delete the "RESTORE FILES.txt" files.
  7. Once you are done deleting the components of the ransomware, restart your PC and install a malware scanner.
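
The manual checks in the steps above can also be run as a read-only inventory. The following is an added example, not part of the original guide: it lists .exe files in %TEMP% and %APPDATA% for review and walks a folder tree for "RESTORE FILES.txt" notes and for files carrying the extension quoted earlier. The function names are hypothetical, and the loose matching of the random ID and Bitmessage address is an assumption, since the guide does not document their format.

```python
import os
import re
import tempfile
from pathlib import Path

NOTE_NAME = "RESTORE FILES.txt"  # ransom note name given in the guide
# Suffix layout as quoted in the guide; ID and BM address matched loosely (assumption).
ENC_SUFFIX = re.compile(
    r"\.id-.+?_email1_support@juicylemon\.biz"
    r"_email2_provectus@protonmail\.com_BitMessage_BM-.+$",
    re.IGNORECASE,
)


def original_name(filename):
    """Return the pre-encryption file name, or None if the suffix is absent."""
    match = ENC_SUFFIX.search(filename)
    return filename[: match.start()] if match else None


def scan_tree(root):
    """Walk root and collect ransom notes and files carrying the suffix."""
    notes, encrypted = [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = Path(folder) / name
            if name.lower() == NOTE_NAME.lower():
                notes.append(path)
            elif original_name(name) is not None:
                encrypted.append(path)
    return sorted(notes), sorted(encrypted)


def dropper_candidates(folders):
    """List .exe files sitting directly in the given folders, for manual review."""
    hits = []
    for folder in folders:
        folder = Path(folder)
        if folder.is_dir():
            hits += [p for p in folder.iterdir()
                     if p.is_file() and p.suffix.lower() == ".exe"]
    return sorted(hits)


if __name__ == "__main__":
    drops = [d for d in (tempfile.gettempdir(), os.environ.get("APPDATA")) if d]
    print("review:", *dropper_candidates(drops), sep="\n  ")
    notes, encrypted = scan_tree(Path.home())
    print(len(notes), "ransom notes;", len(encrypted), "encrypted files")
```

The script deletes nothing; the names returned by original_name can be compared against your backups to see which files have clean copies.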

In non-techie terms:

JuicyLemon Ransomware is a real threat because it can encrypt your personal files, and the decryption process is extremely complicated, if not impossible. The creator of the ransomware suggests a solution in which you pay a ransom in return for a decryption key. Unfortunately, we cannot guarantee that this deal will work, and putting your savings on the line is too big of a risk. If you see no other solution, please check your backups first to see if maybe you have copies of your most important files, and look into third-party decryption tools that might help you. Most importantly, remove JuicyLemon Ransomware leftovers and protect your PC so that this threat cannot attack again.