Jokeroo is a Ransomware-as-a-Service (RaaS) that appeared on underground hacking sites in March 2019. It is a recent, menacing member of the Ransomware family that uses Twitter & other social networks for its propagation.
The Jokeroo crypto virus initially posed as a variant of the notorious GandCrab Ransomware & appeared on a malicious website, Exploit.in.
Surprisingly, the developers changed its name to Jokeroo Ransomware as a Service & began to advertise it on the Twitter social network.
| Name | Jokeroo |
| Type | Ransomware |
| Category | Malware |
| Targeted Operating System | Windows |
| Targeted Browsers | Google Chrome, Internet Explorer, Mozilla Firefox |
Ransomware-as-a-Service (RaaS) is a model in which a developer builds a Ransomware & its payment site so that affiliates can buy a membership package & sign up to distribute their own versions of the Ransomware.
Under the deal agreed between the developer & the affiliates, the ransom received from the victims is split between them.
Jokeroo Ransomware, now sold as a service to cyber criminals, lets its subscribers create customized versions of the Ransomware by offering them multiple membership packages. With access to a fully built Ransomware & its payment server, affiliates are creating numerous versions of it under different names.
The Tor (The Onion Router) sites for the Jokeroo Ransomware began to display a note on 7th May 2019. The note stated that the Royal Thai Police, together with the Dutch National Police & Europol, had seized Jokeroo's server, rendering the Ransomware inoperative.
Later, it was found that Jokeroo RaaS had faked the seizure notice & performed an exit scam.
The Content of the Jokeroo Exit Scam read as follows-
Jokeroo Ransomware made its first appearance on a hacking forum named Exploit.in, where it masqueraded as a variant of GandCrab Ransomware.
Soon, its developers turned it into a RaaS and renamed it Jokeroo Ransomware as a Service. They started promoting it on Twitter.
Jokeroo offered an autonomous service to affiliates, who could buy RaaS membership packages ranging from $90 to $600.
Depending on the membership package chosen, the affiliates could customize the Ransomware by choosing the extension & creating their own ransom note, & could earn up to 85% – 100% of the ransom payments.
Other perks earned by affiliates that purchase $300 to $600 membership package include –
Once the affiliates have made the payment, they gain access to the admin dashboard – jokeroodgo3ylved.onion/dashboard.php.
The main dashboard for this RaaS displays the amount earned by Jokeroo so far. It gives the affiliates quick access to the list of victims, the time when they were infected & the payment status. Other sensitive information that the affiliates could access includes the IP Address, Windows Version & geographic location of the victims.
Once the Jokeroo Ransomware has infected the system, it uses the AES or Salsa20 Encryption Algorithm to encrypt user & system files. The files are renamed with a customized extension (chosen by the affiliates who bought the RaaS) & thus made unavailable to the victims.
The files encrypted by the Ransomware include-
The Ransomware may further make entries in the Windows Registry, to launch the crypto-virus automatically after every system reboot.
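Because the extension is chosen by each affiliate, a fixed list of known ransomware extensions will miss new builds, so detection has to key on the renaming behaviour itself. The following is an added example, not part of the original article: it flags a process that renames many files of different types to one shared new extension within a short window. The event format, process names, the `.xyz1` extension and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

def _renames(proc, start, names, ext):
    """Build constructed rename events: one file per second gets `ext` appended."""
    return [(start + i, proc, "C:\\Users\\a\\" + n, "C:\\Users\\a\\" + n + ext)
            for i, n in enumerate(names)]

# Constructed sample data: (epoch seconds, process, old path, new path).
# ".xyz1" is a made-up stand-in for an affiliate-chosen extension.
SAMPLE_EVENTS = (
    [(900, "winword.exe", r"C:\Users\a\draft.docx", r"C:\Users\a\final.docx"),
     (950, "explorer.exe", r"C:\Users\a\notes.txt", r"C:\Users\a\notes.bak")]
    + _renames("backup.exe", 1000, ["a.tmp", "b.tmp", "c.tmp", "d.tmp", "e.tmp"], ".old")
    + _renames("upd.exe", 2000, ["cv.docx", "tax.xlsx", "pic.jpg", "db.sqlite",
                                 "key.pem", "plan.pdf"], ".xyz1")
)

def new_extension(old, new):
    """Return the extension a rename introduced, or None if it was unchanged."""
    old_ext = PureWindowsPath(old).suffix.lower()
    new_ext = PureWindowsPath(new).suffix.lower()
    return new_ext if new_ext and new_ext != old_ext else None

def detect_mass_rename(events, window=60, min_files=5, min_source_types=3):
    """Flag (process, extension) pairs where at least `min_files` files of at
    least `min_source_types` original types converge on one extension within
    `window` seconds. Requiring mixed source types suppresses benign batch
    jobs that rename a single file type (for example .tmp to .old)."""
    buckets = defaultdict(list)
    for ts, proc, old, new in sorted(events):
        ext = new_extension(old, new)
        if ext:
            buckets[(proc.lower(), ext)].append((ts, PureWindowsPath(old).suffix.lower()))
    alerts = []
    for (proc, ext), hits in buckets.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide the window
                start += 1
            span = hits[start:end + 1]
            if len(span) >= min_files and len({s for _, s in span}) >= min_source_types:
                alerts.append({"process": proc, "extension": ext,
                               "files": len(span), "first_seen": span[0][0]})
                break  # one alert per (process, extension) pair
    return alerts

if __name__ == "__main__":
    for alert in detect_mass_rename(SAMPLE_EVENTS):
        print(alert)
```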
The ransom note for Jokeroo is not fixed, as the affiliates who buy the RaaS customize the ransom message. The note asks users to pay the ransom amount in Currency or Bitcoin(s) via the payment method chosen by the affiliates.
Victims are advised not to pay the ransom amount as there is no guarantee that the encrypted files will be restored after the payment is made.
Instead, users should be vigilant when opening e-mails & clicking on content found on the internet. The intrusion of Ransomware may be avoided by implementing certain security measures while surfing & downloading files from the internet.
Jokeroo may propagate its infection through various other distribution methods. These may include –
Cyber threat actors often insert an infected executable file or a malicious hyperlink into a spam e-mail. In addition, they pretend to be associated with some reliable organization, thus giving the spam e-mail a legitimate look.
A mere click on such e-mails could download & install menacing Jokeroo on your system.
Continue to follow steps 4 & 5 of Method 2 to restore the System Files and settings.