Go to listing page

'JNEC.a' ransomware propagates via the WinRAR ACE vulnerability

'JNEC.a' ransomware propagates via the WinRAR ACE vulnerability
  • New ransomware dubbed ‘JNEC.a’ propagates by exploiting the WinRAR ACE vulnerability.
  • Once the ransomware encrypts files in a computer, it generates a Gmail address that victims need to create through which they will receive the decryption key.

New ransomware dubbed ‘JNEC.a’ propagates by exploiting the WinRAR ACE vulnerability. Researchers noted that this the first ransomware that spreads through the 19-year-old WinRAR ACE exploit.

More details on the ransomware

  • JNEC.a ransomware once executed, encrypts files on the infected computer.
  • The encrypted files are appended to the .Jnec extension.
  • The ransomware drops the ransom note ‘JNEC.README.TXT’ that demands 0.05 bitcoins which is worth $200 for the decryption key.
  • Once victims pay the ransom, they need to create a Gmail address as mentioned in the ransom note in order to receive the decryption key.

Worth noting - Once the ransomware encrypts files in a computer, it generates a Gmail address that victims need to create through which they will receive the decryption key.

The big picture

  • 360 Threat Intelligence Center spotted the archive ‘vk_4221345.rar’ that delivers the JNEC.a ransomware.
  • Attackers trick victims into decompressing the archive and extracting its contents.
  • When decompressed, it shows an incomplete image of a girl.

“Warning!!!Possibly the first #ransomware (vk_4221345.rar) spread by #WinRAR exploit (#CVE-2018-20250). The attacker lures victims to decompress the archive through embedding a corrupt and incomplete female picture. It renames files with .Jnec extension,” 360 Threat Intelligence Center tweeted.

Security researcher Michael Gillespie analyzed the ransomware and confirmed that even the malware author of the ransomware cannot decrypt the files.

“PSA: DO NOT PAY. The criminals fucked up the key usage and even they cannot decrypt people's files,” Gillespie tweeted.

The bottom line - Researchers recommend users to upgrade to the latest version of WinRAR in order to avoid such attacks.

Cyware Publisher

Publisher

Cyware

Previous

New Sextortion scam campaign purports to come from Cent ...

Identity Theft, Fraud, Scams

Next

Attackers hacked Israeli officials’ devices; stolen inf ...

Breaches and Incidents

RESOURCES
Cyber Fusion Center Guide
EVENTS
News and Updates, Hacker News

Get in touch with us now!

1-855-692-9927

Download Cyware Social App

Terms of Use Privacy Policy © 2023