[Aug, 8, 2019] - Version: 188.8.131.52
JSWorm 4.0 decryptor
JSWorm 4.0 is a ransomware written in C++ that uses a modified version of AES-256 to encrypt files, and adds the extension ".[ID-].JSWRM to files.
The ransom note "JSWRM-DECRYPT.hta" has the below text:
JSWRM 4.0.2 Your files are corrupted! Identificator for files: [redacted] E-mail for contact: [email protected] Backup e-mail for contact : [email protected] Free decryption as guarantee! Before paying you can request free decryption of 3 files. Total size of files must be less than 5MB (non-archived). Files shouldn't contain valuable information (accept only txt\jpg\png). Attention! Don't try to decrypt it manually. Don't rename extension of files. Don't try to write AV companies (they can't help you).