The ransomware encrypts data on the computer once it has been executed and appends the .Jnec extension to each file's original extension.
The price of the decryption key is 0.05 bitcoins (about $200). The interesting part is that the malware author chose an unusual method to deliver the decryption key after payment. The unique ID number for each affected computer represents a Gmail address for key delivery. Although the ransom note contains the address, it is not yet registered. This task falls to the victim if, after paying the ransom, they want to recover their files. Just to make sure victims understand how to get their data back, the malware author also provides clear instructions for creating the specific Gmail address, which can be found in JNEC.README.TXT, the ransom note the ransomware drops on an infected computer.

Researchers at the Qihoo 360 Threat Intelligence Center discovered an archive in the wild called "vk 4221345.rar" that delivers JNEC.a when its contents are extracted with a vulnerable WinRAR version, which means every version released over the past 19 years.
JNEC.a is written in .NET, and it is dropped when the contents of the rigged archive are extracted. Inside the archive is a corrupted image of a girl that triggers an error when decompressed and displays an incomplete picture.
The error and the broken picture make everything look like a technical glitch, so the user is not going to give it another thought. The ransomware has been added to the system, however. The WinRAR exploit allows the author to drop the malware in the Windows Startup folder, so it will deploy on the next login. The author named it "GoogleUpdate.exe" to hide its presence, so it is easily mistaken for the Google update process. It is not hard to exploit the WinRAR vulnerability.
— 360 Threat Intelligence Center (@360TIC) 18 March 2019

After Check Point published its analysis of the flaw, proof-of-concept code was released online. Shortly after, a script appeared on GitHub that automates the creation of a malicious archive using arbitrary payloads. Last week McAfee reported that more than 100 unique exploits were identified in the week following the vulnerability disclosure, and the number continued to grow.

34 antivirus engines detect JNEC.a as a threat at the moment of writing. The ransomware encrypts all of the files, which might be why we observed it running slowly during our testing. The ransom Bitcoin wallet shows 12 transactions, but it does not appear that any of them belong to victims, because the most recent incoming payment was in October 2018. The balance is 0.05738157 BTC at the moment of writing, which converts to $229.

Hashes:
RAR archive: 551541d5a9e2418b382e331382ce1e34ddbd92f11772a5d39a4aeb36f89b315e
Ransomware: d3f74955d9a69678b0fabb4cc0e298fb0909a96ea68865871364578d99cd8025

Files:
%AppData%\Microsoft\Windows\Start Menu\Programs\Startup\GoogleUpdate.exe
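The indicators above can be turned into a host check. The following is an added example, not code from the researchers or from the original article: it looks for GoogleUpdate.exe in the Startup folder, for JNEC.README.TXT and .Jnec files, and for files matching the two listed SHA-256 values. The function names, indicator labels and the choice of directories to scan are assumptions.

```python
import hashlib
from pathlib import Path

# SHA-256 values listed in the article's hash section.
PAGE_HASHES = {
    "551541d5a9e2418b382e331382ce1e34ddbd92f11772a5d39a4aeb36f89b315e": "rar-archive",
    "d3f74955d9a69678b0fabb4cc0e298fb0909a96ea68865871364578d99cd8025": "ransomware",
}
# Startup folder relative to %AppData%, as given in the article.
STARTUP_REL = Path("Microsoft", "Windows", "Start Menu", "Programs", "Startup")

def sha256_of(path):
    """Hash a file in 1 MiB chunks so large archives do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(appdata, data_root, known=PAGE_HASHES):
    """Return a sorted list of (indicator, path) pairs for JNEC.a traces."""
    findings = set()
    startup = Path(appdata) / STARTUP_REL
    candidates = list(startup.iterdir()) if startup.is_dir() else []
    for p in Path(data_root).rglob("*"):
        if not p.is_file():
            continue
        name = p.name.lower()
        if name == "jnec.readme.txt":
            findings.add(("ransom-note", str(p)))
        elif name.endswith(".jnec"):
            findings.add(("encrypted-file", str(p)))
        elif p.suffix.lower() in (".rar", ".exe"):
            candidates.append(p)  # hash-check archives and executables
    for p in candidates:
        if not p.is_file():
            continue
        if p.parent == startup and p.name.lower() == "googleupdate.exe":
            findings.add(("startup-googleupdate", str(p)))
        try:
            label = known.get(sha256_of(p))
        except OSError:
            continue  # locked or unreadable file: skip the hash check
        if label:
            findings.add(("hash-" + label, str(p)))
    return sorted(findings)

if __name__ == "__main__":
    import os
    for indicator, path in scan(os.environ.get("APPDATA", "."), Path.home()):
        print(indicator, path)
```

A name match in the Startup folder is a lead to investigate, not proof of infection; a hash match against the listed values is the stronger signal.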