JSWorm 4.0 is a ransomware written in C++ that uses a modified version of AES-256 to encrypt files, and adds the extension ".[ID-].JSWRM to files.
The ransom note "JSWRM-DECRYPT.hta" has the below text:
Your files are corrupted!
Identificator for files: [redacted]
E-mail for contact: [email protected]
Backup e-mail for contact : [email protected]
Free decryption as guarantee!
Before paying you can request free decryption of 3 files.
Total size of files must be less than 5MB (non-archived).
Files shouldn't contain valuable information (accept only txt\jpg\png).
Don't try to decrypt it manually.
Don't rename extension of files.
Don't try to write AV companies (they can't help you).