Emsisoft releases a free decryptor for the JSWorm 4.0 ransomware
The Emsisoft malware team has just released a free decryptor for the JSWorm 4.0 ransomware. Thanks to Francesco Muroni who helped crack it.
If you have been infected with this ransomware, please download the free decryptor linked below. DO NOT PAY the ransom. A detailed guide is also included.
- Download the JSWorm 4.0 decryptor here
Technical details
JSWorm 4.0 is a ransomware that uses a modified version of AES-256 and RSA-4096 to encrypt files. ID-Ransomware has received over 100 confirmed submissions from around the world, including the US, Canada, Indonesia, Egypt, Germany, France and India. Files that have been encrypted by JSWorm 4.0 are appended with the file extension “[ID-<ID>][<email>].JSWRM”.
The ransomware also creates a ransom note titled “JSWRM-DECRYPT.hta”, which contains the following text:
“JSWRM 4.0.2
Your files are corrupted!
Identificator for files: [redacted]
E-mail for contact: symmetries@tutamail.com
Backup e-mail for contact : symmetries0@tutanota.com
Free decryption as guarantee!
Before paying you can request free decryption of 3 files.
Total size of files must be less than 5MB (non-archived).
Files shouldn’t contain valuable information (accept only txt\jpg\png).
Attention!
Don’t try to decrypt it manually.
Don’t rename extension of files.
Don’t try to write AV companies (they can’t help you).”
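The naming scheme and ransom note name described above are enough to triage a file listing before running a decryptor. The following is an added example, not code from Emsisoft or the decryptor; it assumes the ID and e-mail fields never contain square brackets, and the sample paths, ID and address are constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Naming scheme quoted in the article: <original name>[ID-<ID>][<email>].JSWRM
# Assumption: neither the ID nor the e-mail address contains square brackets.
ENCRYPTED_RE = re.compile(
    r"^(?P<original>.+)\[ID-(?P<victim_id>[^\[\]]+)\]\[(?P<email>[^\[\]]+)\]\.JSWRM$",
    re.IGNORECASE,
)
NOTE_NAME = "jswrm-decrypt.hta"  # ransom note name from the article, lower-cased

def classify(path):
    """Return ("note", None), ("encrypted", fields) or ("other", None)."""
    name = PureWindowsPath(path).name  # accepts both \ and / separators
    if name.lower() == NOTE_NAME:
        return "note", None
    match = ENCRYPTED_RE.match(name)
    if match:
        return "encrypted", match.groupdict()
    return "other", None

def triage(paths):
    """Group encrypted files by victim ID; collect notes and contact addresses."""
    report = {"notes": [], "by_id": defaultdict(list), "emails": set(), "clean": 0}
    for path in paths:
        kind, fields = classify(path)
        if kind == "note":
            report["notes"].append(path)
        elif kind == "encrypted":
            # Record the pre-encryption name so backups can be matched later.
            report["by_id"][fields["victim_id"]].append(fields["original"])
            report["emails"].add(fields["email"])
        else:
            report["clean"] += 1
    return report

# Constructed sample paths (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx[ID-EXAMPLE01][contact@example.invalid].JSWRM",
    r"C:\Users\alice\Pictures\cat.jpg[ID-EXAMPLE01][contact@example.invalid].JSWRM",
    r"C:\Users\alice\Documents\JSWRM-DECRYPT.hta",
    r"C:\Users\alice\Documents\notes[draft].txt",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(dict(result["by_id"]), result["notes"], result["emails"], result["clean"])
```

More than one victim ID in the report suggests separate infections, which are worth tracking separately during recovery.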
Contrary to what the ransom note says, AV companies can help you. If you have any questions, feel free to reach out.