JungleSec is the new name of a ransomware virus that has been infecting victims through unsecured IPMI (Intelligent Platform Management Interface) cards since early November. This malware was created by cyber criminals with the sole motive of swindling innocent users & making illicit money. Once a system is infected by Junglesec Ransomware, it encrypts files & demands a ransom of several hundred dollars from the user. The prime operating system targeted by it is Linux.
Junglesec, an encryption ransomware Trojan, was first detected by PC security researchers on 19th June 2018. They revealed that Junglesec Ransomware is a variant of HiddenTear Ransomware, an open-source encryption ransomware program released in 2015. That program was initially meant for educational purposes; however, criminals adapted it to execute harmful attacks, which ultimately led to the creation of countless variants.
Research found that Junglesec Ransomware originally targeted victims using Windows, Mac & Linux OS; however, no evidence was found to show how the systems were being infected. After conversations with victims whose Linux servers were hit by Junglesec, researchers determined that servers were being infected through unsecured IPMI devices & that its installation tends to have roots in spam e-mail attachments.
Following the infection of the system, Junglesec alters system settings without the user's consent. At the outset it disables certain legitimate applications running on the system, such as antivirus software, firewall security settings, Control Panel, System Registry settings and Command Prompt. The malicious modification of System Registry settings triggers an automatic restart of the system at certain intervals. Attackers reboot the infected system into single user mode & gain root access to download & compile the ccrypt encryption program on it.
Junglesec Ransomware encrypts files in every location on the computer's hard drive & instantly renames them with the .jungle@anonymousspechcom file extension. As a result, the files become unusable & cannot be accessed when needed. Junglesec attacks a variety of user-generated document & media files such as images, audio, videos, games, PDF, CSS, HTML, text documents and databases.
One of the victims, Alex, informed security researchers that when he tried accessing his files, a message was displayed on the screen stating that the victim should read the ENCRYPTED.md file. The file is the ransom note for Junglesec Ransomware, which includes instructions from the cyber criminals. It asks the victim to contact the attacker at firstname.lastname@example.org & send 0.3 bitcoins to the enclosed bitcoin address in order to retrieve the locked files.
Virus Removal Guidelines does not suggest paying the ransom to scammers, as there is a possibility that the scammers could disappear after receiving payment, leading to permanent loss of data & money.
Surprisingly, JungleSec is capable of creating a backdoor on TCP port 64321 & a firewall rule that allows the scammers to access this port. It is still unclear what program was installed by the scammers to be used as a backdoor.
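The indicators described above (a listener on TCP port 64321, a firewall rule opening that port, the ENCRYPTED.md note and the renamed files) can be checked on a Linux server with a short triage script. This is an added example, not code from the original article or the researchers it cites. It assumes the text of /proc/net/tcp and of iptables-save output as input; the function names and sample data are constructed for illustration.

```python
import re

BACKDOOR_PORT = 64321                       # TCP port named in the article
RANSOM_NOTE = "ENCRYPTED.md"                # ransom note name from the article
LOCKED_EXT = ".jungle@anonymousspechcom"    # extension as printed in the article

def listening_tcp_ports(proc_net_tcp):
    """Return local ports in LISTEN state (st == 0A) from /proc/net/tcp text."""
    ports = set()
    for line in proc_net_tcp.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) >= 4 and fields[3] == "0A":
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))  # port is hex
    return ports

def accept_rules_for_port(iptables_save, port):
    """Return TCP ACCEPT rules whose --dport/--dports value covers the port."""
    hits = []
    for rule in iptables_save.splitlines():
        m = re.search(r"(! )?--dports?\s+(\S+)", rule)
        if not m or m.group(1) or "-p tcp" not in rule or "-j ACCEPT" not in rule:
            continue                                    # no port match, or negated
        for part in m.group(2).split(","):              # multiport lists
            lo, _, hi = part.partition(":")             # lo:hi ranges
            if int(lo) <= port <= int(hi or lo):
                hits.append(rule)
                break
    return hits

def file_indicators(paths):
    """Return paths that are the ransom note or carry the locked-file extension."""
    return [p for p in paths
            if p.rsplit("/", 1)[-1] == RANSOM_NOTE or p.endswith(LOCKED_EXT)]

# Constructed sample inputs (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:FB41 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A00000F:01BB 0A000063:C350 01 00000000:00000000 00:00000000 00000000     0        0 1002
"""
SAMPLE_IPTABLES_SAVE = """\
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 64321 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
"""

if __name__ == "__main__":
    print("backdoor port listening:", BACKDOOR_PORT in listening_tcp_ports(SAMPLE_PROC_NET_TCP))
    print("firewall rules:", accept_rules_for_port(SAMPLE_IPTABLES_SAVE, BACKDOOR_PORT))
```

On a live host, feed the functions the contents of /proc/net/tcp and the output of iptables-save instead of the sample strings.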
The cybercriminals use various strategies for malware distribution which include –
Name: Junglesec Ransomware
Targeted Operating System: Windows, Linux, Mac
Symptoms: All of the user's files are encrypted. The locked files are appended with the .jungle@anonymousspechcom extension after encryption and hence are made inaccessible to the user. Attempting to access any file brings up a ransom note that demands a ransom of 0.3 bitcoins.
Continue to follow steps 4 & 5 of Method 2 to restore the System Files and settings.