Emsisoft releases a free decryptor for the JSWorm 4.0 ransomware
The Emsisoft malware team has just released a free decryptor for the JSWorm 4.0 ransomware. Thanks to Francesco Muroni who helped crack it.
If you have been infected with this ransomware, please download the free decryptor linked below. DO NOT PAY the ransom. A detailed guide is also included.
JSWorm 4.0 is a ransomware than uses a modified version of AES-256, and RSA-4096 to encrypt files. ID-Ransomware has received over 100 confirmed submissions from around the world, including the US, Canada, Indonesia, Egypt, Germany, France and India. Files that have been encrypted by JSWorm 4.0 are appended with the file extension “[ID-<ID>][<email>].JSWRM”.
The ransomware also creates a ransom note titled “JSWRM-DECRYPT.hta”, which contains the following text:
Your files are corrupted!
Identificator for files: [redacted]
E-mail for contact: [email protected]
Backup e-mail for contact : [email protected]
Free decryption as guarantee!
Before paying you can request free decryption of 3 files.
Total size of files must be less than 5MB (non-archived).
Files shouldn’t contain valuable information (accept only txt\jpg\png).
Don’t try to decrypt it manually.
Don’t rename extension of files.
Don’t try to write AV companies (they can’t help you).”
Protect your device with Emsisoft Anti-Malware.Did your antivirus let you down? We won’t. Download your free trial of Emsisoft Anti-Malware and see for yourself. Start free trial
Contrary to what the ransom note says, AV companies can help you. If you have any questions, feel free to reach out.