Cyber Security Center

How to delete Jdyi ransomware


Jdyi ransomware is yet another file-encrypting malware from the Djvu/STOP ransomware family. Users whose files are encrypted with this ransomware will see .jdyi added to all affected files. A ransom note _readme.txt is also dropped.

 

Jdyi ransomware note

Jdyi ransomware is part of the Djvu/STOP ransomware family, and it encrypts files. The Djvu/STOP ransomware gang is notorious for releasing more than two hundred versions of file-encrypting malware, including the most recent ones Iiss, Efji, and Mmpa. Like all of its versions, Jdyi ransomware is a dangerous infection because it encrypts files, and their decryption for free is not currently possible.

The ransomware will try to get victims to pay $980 (or $490 if contact is made within 72 hours) for the decryptor, but buying it is risky. Users should keep in mind that they are dealing with cyber criminals, so there is always a chance that a decryptor will not be sent, or it will not work. This has happened to many users in the past, so users should consider the risk before agreeing to pay.

Unfortunately, once files are encrypted, users will not be able to open them. They need to first be decrypted with the decryptor specifically for Jdyi ransomware. Currently, it’s only possible to recover files via backup. If victims do have backup, they can start file recovery as soon as they delete Jdyi ransomware from their computers.

For users who do not have backup, waiting for a free decryptor to become available is an option. However, because this ransomware uses online keys to encrypt data and they’re unique to each victim, malware researchers cannot develop a free decryptor. A Djvu/STOP decryptor by Emsisoft is available but it only works for older Djvu versions which use offline keys for file encryption. Because a decryptor is not currently available, users should be skeptical of claims that say otherwise. If a legitimate decryptor was developed, it would come from sources like NoMoreRansom, Emsisoft, other anti-virus vendors and malware researchers.

How to avoid infecting a computer with ransomware

While ransomware uses a variety of distribution methods, users can easily avoid it by developing good browsing habits. That means no opening unsolicited email attachments, no pirating via torrents, and no clicking on ads while on high-risk websites.

One of the most common ways users pick up ransomware is via email attachments. Malicious actors attach a malicious file to an email that’s written to pique users’ curiosity, and send it to email addresses they purchase from hacker forums. Those emails usually try to pressure users into opening the attachments by claiming they’re important documents. Senders also often pretend to be from known/famous companies/organizations. However, certain things give those emails away. First of all, the sender’s email address is often nonsense and unprofessional-looking. Second, the emails are often full of grammar and spelling mistakes. Overall, it’s possible to spot a malicious email, as long as users pay close attention to what emails they receive. As a precaution, it’s recommended to scan all unsolicited emails with anti-virus software or VirusTotal before opening them.

Another common way users infect their computers with ransomware is by pirating content via torrents. Torrent sites are full of all kinds of malware because they are not regulated properly. Malicious parties can easily upload their malware disguised as some kind of popular movie, TV show, game, etc. Thus, users are advised to not pirate, as it’s not only stealing but also quite dangerous for the computer.

Is it possible to recover Jdyi ransomware encrypted files

As soon as the ransomware enters the computer, it will start encrypting files. To distract users, it will show a Windows Update window and claim that updates are being installed. Once the encryption process is complete, all encrypted files will have a .jdyi file extension added to them. For example, image.jpg would become image.jpg.jdyi. Files with that extension will be unopenable until they are decrypted. To obtain the decryptor, users will be asked to pay $980, or $490 if victims contact the cyber crooks behind this ransomware within 72 hours. However, contacting them, let alone paying the ransom is not recommended. There are no guarantees that a decryptor will actually be sent to victims, or that it will work. Furthermore, users not backing up files and paying the ransom is why ransomware developers continue in this field.

Here is the ransom note dropped by this ransomware:

ATTENTION!

Don’t worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-5fdKAsZLIP
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
helpmanager@mail.ch

Reserve e-mail address to contact us:
restoremanager@airmail.cc

Your personal ID:

Users who do not have backup should backup the encrypted files and wait for a free decryptor to become available. While it may take a while, it’s not impossible that it will be released someday.

Jdyi ransomware removal

Users should use anti-malware software to remove Jdyi ransomware, as that is the safest way. Once the ransomware is no longer on the computer, users can access their backup. If the ransomware still remains when users connect to their backup, those files may become encrypted as well. Unfortunately, removing the ransomware does not decrypt files.

Jdyi ransomware is detected as:

  • Trojan.GenericKDZ.71069 by BitDefender
  • Win32:TrojanX-gen [Trj] by AVG/Avast
  • A Variant Of Win32/Kryptik.HHCC by ESET
  • Trojan.MalPack by Malwarebytes
  • HEUR:Trojan-Ransom.Win32.Stop.gen by Kaspersky
  • Trojan.Crypt (A) by Emsisoft
  • TrojanDropper:Win32/Bunitu.MC!MTB by Microsoft
  • Trojan.Win32.YMACCO.USMANK120 by TrendMicro