Emsisoft releases a free decryptor for the JSWorm 4.0 ransomware

JSWorm 4.0 Decryptor

The Emsisoft malware team has just released a free decryptor for the JSWorm 4.0 ransomware. Thanks to Francesco Muroni, who helped crack it.

If you have been infected with this ransomware, please download the free decryptor linked below. DO NOT PAY the ransom. A detailed guide is also included.

Emsisoft JSWorm 4.0 Decryptor


Technical details

JSWorm 4.0 is a ransomware that uses a modified version of AES-256 and RSA-4096 to encrypt files. ID-Ransomware has received over 100 confirmed submissions from around the world, including the US, Canada, Indonesia, Egypt, Germany, France and India. Files that have been encrypted by JSWorm 4.0 are appended with the file extension “[ID-<ID>][<email>].JSWRM”.

The ransomware also creates a ransom note titled “JSWRM-DECRYPT.hta”, which contains the following text:

“JSWRM 4.0.2

Your files are corrupted!

Identificator for files: [redacted]

E-mail for contact: [email protected]

Backup e-mail for contact : [email protected]

Free decryption as guarantee!

Before paying you can request free decryption of 3 files.

Total size of files must be less than 5MB (non-archived).

Files shouldn’t contain valuable information (accept only txt\jpg\png).


Don’t try to decrypt it manually.

Don’t rename extension of files.

Don’t try to write AV companies (they can’t help you).”
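
The file suffix and ransom note name described above are enough to inventory affected files before running a decryptor. The following is an added example, not Emsisoft's code and not part of the decryptor; the function names are hypothetical, and it assumes an optional "." may sit between the original file name and the suffix. It only reads file names and sizes and changes nothing on disk.

```python
import os
import re
from collections import defaultdict

# Suffix format as stated on the page: "[ID-<ID>][<email>].JSWRM".
# Assumption: an optional "." may separate the original name from the suffix.
SUFFIX_RE = re.compile(
    r"^(?P<original>.+?)\.?\[ID-(?P<victim_id>[^\]]+)\]\[(?P<email>[^\]]+)\]\.JSWRM$",
    re.IGNORECASE,
)
NOTE_NAME = "jswrm-decrypt.hta"  # ransom note name from the page, lowercased


def parse_encrypted_name(filename):
    """Return (original_name, victim_id, email) or None if the name does not match."""
    m = SUFFIX_RE.match(filename)
    if m is None:
        return None
    return m.group("original"), m.group("victim_id"), m.group("email")


def triage(root):
    """Walk root read-only and summarise JSWorm 4.0 artefacts found by name."""
    report = {"notes": [], "by_id": defaultdict(list), "total_bytes": 0}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                report["notes"].append(path)
                continue
            parsed = parse_encrypted_name(name)
            if parsed is None:
                continue
            _original, victim_id, email = parsed
            # Group by (ID, contact e-mail) so separate infections stay separate.
            report["by_id"][(victim_id, email)].append(path)
            try:
                report["total_bytes"] += os.path.getsize(path)
            except OSError:
                pass  # file vanished or is unreadable; it is still listed above
    return report


if __name__ == "__main__":
    import sys
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"ransom notes: {len(result['notes'])}")
    for (vid, email), paths in result["by_id"].items():
        print(f"ID {vid} / {email}: {len(paths)} encrypted file(s)")
    print(f"encrypted bytes: {result['total_bytes']}")
```

Run it with the directory to check as the only argument; more than one (ID, e-mail) group in the output means files from more than one infection are present.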


Successful JSWorm 4.0 Decryption

Contrary to what the ransom note says, AV companies can help you. If you have any questions, feel free to reach out.


