JB88 ransomware removal

JB88 ransomware is malware that belongs to the Matrix ransomware family. It renames encrypted files to [Jonbrown88@criptext.com].[random characters].JB88, which is how users can differentiate that they’re dealing with this particular ransomware. It also drops the JB88_README.rtf ransom note.


Ransomware image

JB88 file-encrypting malware is part of the Matrix ransomware family. We have previously reported on two other versions from this family, BG85 and ANN ransomwares. Once the malware enters a computer, it starts encrypting files, renames them, and demands money for their decryption. It drops the JB88_README.rtf ransom note, which explains that files have been encrypted with a strong crypto algorithm AES-256 and RSA-2048. Victims are asked to send an email to three email addresses with their ID in order to get the decryptor, after they pay of course. The ransom sum is not mentioned in the note, though it will likely be somewhere between $100 and $1000, as that is the usual amount. However, whatever the ransom sum may be, it’s not recommended to pay as file decryption is not guaranteed. Users should not forget these are cyber criminals they’re dealing with, and there is no way of knowing whether they would send a working decryptor, or send one at all for that matter.

Unfortunately, this means that the only sure way to recover files is backup. File recovery should not be an issue for users who regularly backed up their files, and they can access their backup as soon as they remove JB88 ransomware from their computers. For users who don’t have backup, the only remaining option is to back up the encrypted files and wait for a decryptor to become available. Free decryptors are released by malware researchers occasionally but it’s not always possible.

We should also mention that there are a lot of fake decryptors on the Internet so users should be very careful to only download from safe sources, such as Emsisoft or NoMoreRansom.

How does ransomware spread?

In the majority of cases, ransomware is distributed via spam emails, torrents, and software cracks. Generally, it’s users’ bad browsing habits that lead to an infection.

Spam email is one of the more common ways users pick up ransomware. Malicious files are attached to an email, which is sent to users whose email addresses have been leaked and are being sold on various hacking forums. Those emails are pretty obvious, however. Senders claim to be from known/famous companies/organizations but have nonsense email addresses, the emails themselves are full of grammar/spelling mistakes and just generally seem off. So if users are careful and don’t rush to open email attachments, they should be able to spot malicious emails. But just as a precaution, it’s recommended to scan all unsolicited email attachments with anti-virus software or VirusTotal before opening them.

Users who pirate content also have an increased risk of picking up some kind of malware. Torrent sites and forums are often unregulated, which allows malware distributors to upload their malware disguised as contend that’s popular at that time, such as movies or games.

What does JB88 ransomware removal do?

The ransomware will immediately start encrypting files once it’s initiated. The ransomware targets the usual files, like photos, videos, documents, etc. All encrypted files will be renamed [Jonbrown88@criptext.com].[random characters].JB88. Once file encryption is complete, the ransomware will drop a JB88_README.rtf ransom note. The note explains how users can recover files, which is by sending an email to Jonbrown88@criptext.com, Jonbrown88@aol.com, and Jonbrown88@tutanota.com with the ID in the subject line. The note also says that 3 files can be decrypted for free, provided they don’t contain any important information.

Here is the text from the ransom note dropped by JB88 ransomware:


All yоur filеs wеrе еnсrуptеd with strоng crуptо аlgоrithm АЕS-256 + RSА-2048.
Plеаsе bе surе thаt yоur filеs аrе nоt brоkеn аnd уоu cаn rеstоrе thеm tоdаy.

If yоu rеаllу wаnt tо rеstоrе yоur filеs plеаsе writе us tо thе е-mаils:
In subjеct linе writе уоur ID: –

Impоrtаnt! Plеаsе sеnd yоur mеssаgе tо аll оf оur 3 е-mаil аddrеssеs. This is rеаllу impоrtаnt bеcаusе оf dеlivеrу prоblеms оf sоmе mаil sеrviсеs!
Important! If you haven’t received a response from us within 24 hours, please try to use a different email service (Gmail, Yahoo, AOL, etc).
Important! Please check your SPAM folder each time you wait for our response! If you find our email in the SPAM folder please move it to your Inbox.
Important! We are always in touch and ready to help you as soon as possible!

Аttаch up tо 3 smаll еncrуptеd filеs fоr frее tеst dесryption. Plеаsе nоte thаt thе filеs yоu sеnd us shоuld nоt cоntаin аnу vаluаblе infоrmаtiоn. Wе will sеnd yоu tеst dеcrуptеd files in оur rеspоnsе fоr yоur cоnfidеnсе.
Of course you will receive all the necessary instructions hоw tо dеcrуpt yоur filеs!

Plеаsе nоte that we are professionals and just doing our job!
Please dо nоt wаstе thе timе аnd dо nоt trу to dесеive us – it will rеsult оnly priсе incrеаsе!
Wе аrе alwауs оpеnеd fоr diаlоg аnd rеаdy tо hеlp уоu.

As mentioned above, paying the ransom is not recommended because it does not guarantee file decryption. The cyber criminals behind this ransomware can simply take the money and not send the decryptor. It has already happened many times in the past. Furthermore, paying the ransom only encourages cyber crooks to continue their malicious activity.

If users have backup, they can start recovering files as soon as the ransomware is no longer present.

JB88 ransomware removal

In order to safely delete JB88 ransomware users need to use anti-malware software. Manual JB88 ransomware removal should not be attempted, unless users know exactly what they’re doing.

Anti-malware programs detect JB88 ransomware as:

  • Win32:RansomX-gen [Ransom] by AVG/Avast
  • Generic.Ransom.Matrix.AE9FC992 by BitDefender
  • HEUR:Trojan-Ransom.Win32.Agent.gen by Kaspersky
  • Ransom.Matrix by Malwarebytes
  • Ransom-Matrix!D09742A6437B by McAfee
  • Ransom:Win32/Gansom.AB!MSR by Microsoft
  • Generic.Ransom.Matrix.AE9FC992 (B) by Emsisoft
  • Ransom.Win32.MATRIX.SMTH by TrendMicro