The ransomware encrypts data on the computer once it has been run and appends the .Jnec extension to each file's original one. The price of the decryption key is 0.05 bitcoins (about $200).

The worrying part is that the malware author chose an unusual method to deliver the decryption key for the files. The unique ID number for each affected computer represents a Gmail address for the delivery of the key. Although the ransom note contains the address, it is not yet registered. This task falls into the victim's hands if, after paying the ransom, they want to recover their files.

Just to make sure victims understand how to get their data back, the malware author also provides clear instructions for creating the specific Gmail address, which can be found in JNEC.README.TXT, the ransom note the ransomware drops on an infected computer.

Researchers at the Qihoo 360 Threat Intelligence Center have found an archive called "vk 4221345.rar" that delivers JNEC.a when its contents are extracted with a vulnerable WinRAR version, which is all those released over the past 19 years.
JNEC.a is written in .NET and is delivered when the contents of the rigged archive are extracted. Inside is a corrupt image of a girl that triggers an error when decompressed and shows an incomplete picture. The error and the fragmented picture make everything look like a technical glitch, so the user is not going to give it another thought. The ransomware is added to the system, however.

The WinRAR exploit allows the author to drop the malware in the Windows Startup folder, so it will deploy on the next login. To hide its presence, the author named it "GoogleUpdate.exe", so it is easily mistaken for Google's update process.

It is not difficult to exploit the WinRAR vulnerability.
After Check Point published its analysis of the flaw, proof-of-concept code was published online. Shortly after, a script appeared on GitHub that automates the creation of a malicious archive using arbitrary payloads. Last week McAfee reported that more than 100 unique exploits were identified in the week following the vulnerability disclosure, and the number continues to grow.

The Bitcoin wallet for the ransom shows 12 transactions, but it does not look like any of them belong to victims, because the most recent incoming payment was in October 2018. The balance is 0.05738157 BTC at the time of writing, which converts to $229.

360 Threat Intelligence Center (@360TIC), 18 March 2019

34 antivirus engines detect JNEC.a as a threat at the time of writing. The ransomware encrypts all of the files, which might be why we noticed them moving slowly during our tests.

Hashes:
RAR archive: 551541d5a9e2418b382e331382ce1e34ddbd92f11772a5d39a4aeb36f89b315e
Ransomware: d3f74955d9a69678b0fabb4cc0e298fb0909a96ea68865871364578d99cd8025

Files:
%AppData%\Microsoft\Windows\Start Menu\Programs\Startup\GoogleUpdate.exe
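A sweep for the indicators listed above, as an added example that is not part of the original article: it walks a directory tree and reports files with the .Jnec extension, the JNEC.README.TXT note, a GoogleUpdate.exe sitting in a Startup folder, and any file whose SHA-256 matches the two published hashes. The function names and the choice to treat any GoogleUpdate.exe in a Startup folder as suspicious are assumptions of this example.

```python
import hashlib
import os

# SHA-256 indicators copied from the article above.
IOC_SHA256 = {
    "551541d5a9e2418b382e331382ce1e34ddbd92f11772a5d39a4aeb36f89b315e": "rigged RAR archive",
    "d3f74955d9a69678b0fabb4cc0e298fb0909a96ea68865871364578d99cd8025": "JNEC.a ransomware",
}
# Tail of the per-user Startup path named in the article.
STARTUP_SUFFIX = os.path.join("Start Menu", "Programs", "Startup").lower()


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, known_hashes=IOC_SHA256):
    """Walk root and return sorted (indicator, path) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        in_startup = dirpath.lower().endswith(STARTUP_SUFFIX)
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(".jnec"):
                findings.append(("encrypted-file", path))
            if lower == "jnec.readme.txt":
                findings.append(("ransom-note", path))
            # Assumption: a GoogleUpdate.exe in a Startup folder is worth flagging.
            if in_startup and lower == "googleupdate.exe":
                findings.append(("startup-dropper-name", path))
            try:
                digest = sha256_of(path)
            except OSError:
                continue  # locked or unreadable file: skip it, keep sweeping
            if digest in known_hashes:
                findings.append(("hash:" + known_hashes[digest], path))
    return sorted(findings)


if __name__ == "__main__":
    # Default target: the user's profile on Windows, otherwise the home directory.
    for kind, path in sweep(os.environ.get("USERPROFILE", os.path.expanduser("~"))):
        print(kind, path)
```

A name or extension hit without a hash match still deserves triage, since a rebuilt sample would carry a different hash.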