The Emsisoft malware team has just released a free decryptor for the JSWorm 4.0 ransomware. Thanks to Francesco Muroni, who helped crack it.
If you have been infected with this ransomware, please download the free decryptor linked below. DO NOT PAY the ransom. A detailed guide is also included.
Technical details
JSWorm 4.0 is ransomware that uses a modified version of AES-256 and RSA-4096 to encrypt files. ID-Ransomware has received over 100 confirmed submissions from around the world, including the US, Canada, Indonesia, Egypt, Germany, France and India. Files encrypted by JSWorm 4.0 have the file extension “[ID-<ID>][<email>].JSWRM” appended to their names.
The ransomware also creates a ransom note titled “JSWRM-DECRYPT.hta”, which contains the following text:
“JSWRM 4.0.2
Your files are corrupted!
Identificator for files: [redacted]
E-mail for contact: symmetries@tutamail.com
Backup e-mail for contact : symmetries0@tutanota.com
Free decryption as guarantee!
Before paying you can request free decryption of 3 files.
Total size of files must be less than 5MB (non-archived).
Files shouldn’t contain valuable information (accept only txt\jpg\png).
Attention!
Don’t try to decrypt it manually.
Don’t rename extension of files.
Don’t try to write AV companies (they can’t help you).”
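To scope an infection from a file listing, the appended extension and the ransom note name described above can be matched directly. The following is an added example, not Emsisoft's code or part of the decryptor; it assumes the suffix follows the original file name either directly or after a dot, and the sample paths, ID and address are constructed placeholders.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Suffix format as given on this page: [ID-<ID>][<email>].JSWRM
# Assumption: the suffix follows the original name directly or after a dot.
SUFFIX_RE = re.compile(
    r"^(?P<original>.+?)\.?\[ID-(?P<victim_id>[^\]]+)\]\[(?P<email>[^\]]+)\]\.JSWRM$",
    re.IGNORECASE,
)
NOTE_NAME = "jswrm-decrypt.hta"  # ransom note name from this page, lowercased


def parse_encrypted_name(path):
    """Return original name, victim ID and contact e-mail, or None if no match."""
    m = SUFFIX_RE.match(PureWindowsPath(path).name)
    return m.groupdict() if m else None


def triage(paths):
    """Summarise a listing: encrypted files per ID, e-mails seen, note locations."""
    report = {"ids": defaultdict(list), "emails": set(), "notes": [], "clean": 0}
    for p in paths:
        name = PureWindowsPath(p).name
        info = parse_encrypted_name(p)
        if info:
            report["ids"][info["victim_id"]].append(info["original"])
            report["emails"].add(info["email"].lower())
        elif name.lower() == NOTE_NAME:
            report["notes"].append(str(PureWindowsPath(p).parent))
        else:
            report["clean"] += 1
    return report


# Constructed sample listing (ID and address are placeholders, not real indicators).
SAMPLE = [
    r"C:\Users\a\Documents\budget.xlsx[ID-CONSTRUCTED01][contact@example.invalid].JSWRM",
    r"C:\Users\a\Documents\notes.txt.[ID-CONSTRUCTED01][contact@example.invalid].JSWRM",
    r"C:\Users\a\Documents\JSWRM-DECRYPT.hta",
    r"C:\Users\a\Pictures\cat.jpg",
    r"C:\Users\a\Pictures\archive[1].JSWRM.bak",  # look-alike that must not match
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    for vid, files in r["ids"].items():
        print(vid, len(files), "encrypted:", files)
    print("contact e-mails:", sorted(r["emails"]))
    print("ransom notes in:", r["notes"], "| unaffected:", r["clean"])
```

Grouping by ID shows whether one or several infections touched the same share, and the recovered original names give a list to check against backups.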
Contrary to what the ransom note says, AV companies can help you. If you have any questions, feel free to reach out.