Jfwztiwpmqq ransomware is malware that encrypts files. It belongs to the Snatch ransomware family, which has released many ransomware versions. This ransomware can be differentiated by the .jfwztiwpmqq extension added to encrypted files.
Jfwztiwpmqq ransomware is file-encrypting malware that comes from the Snatch ransomware family, which is responsible for ransomware like Jarkvgtiiq, Cndqmi, Jdokao, Hhmgzyl, and Eknkfwovyzb. This ransomware adds .jfwztiwpmqq to encrypted files, which is why it’s called Jfwztiwpmqq ransomware. Once files are encrypted, users will be unable to open them until they first decrypt them. However, to obtain the decryptor, users would need to pay the ransom, which is not something we recommend doing. Paying is always risky because there are no guarantees that a decryptor will be sent, or that it will work. Countless times, users have paid but not received anything, so users should be aware that paying is a risk. But in the end, it’s their decision to make.
Users who have backup can easily recover files, provided they first remove Jfwztiwpmqq ransomware from the computer before accessing backup. For users who don’t have backup, there aren’t many options available. They can back up encrypted files and wait for a decryptor to become available. Malware researchers are sometimes able to develop decryptors and release them for free. However, because it’s not always possible, one for Jfwztiwpmqq ransomware is not currently available. If a decryptor were to be released, it would appear on NoMoreRansom.
How does ransomware infect a computer?
Malware is a much bigger threat to users who have bad browsing habits than to those who know to not open unsolicited email attachments, click on links in unknown emails, pirate via torrents, and click on advertisements when on high-risk websites. One way to avoid infecting the computer with ransomware is to develop better browsing habits.
Malspam is one of the most common ways ransomware is distributed. Malicious actors launch malspam campaigns using email addresses bought from hacker forums. The emails are usually pretty obvious, however, and as long as users pay attention, they will be able to spot malspam pretty easily. The emails are sent from random email addresses, contain loads of grammar and spelling mistakes, and demand that users open the attachments by claiming they’re important files. The majority of these emails will be quite obvious, but the occasional one may be more sophisticated. Thus, it’s a good idea to scan all unsolicited email attachments with anti-virus software or VirusTotal before opening them.
Another possible way malware can enter a computer is via torrents. Malicious actors take full advantage of the fact that torrent sites are not regulated properly and upload malicious torrents. It’s usually torrents for popular entertainment content that contain malware, especially torrents for movies, TV shows, games, and software. The more popular something is, the more likely that its torrent will contain malware.
What does the ransomware do?
As soon as the Jfwztiwpmqq ransomware enters the computer, it will immediately start encrypting files. As usual, it targets photos, videos, documents, essentially all personal files that users will likely be most willing to pay for. All encrypted files will have the .jfwztiwpmqq file extension added to them. For example, image.jpg would become image.jpg.jfwztiwpmqq. Until users decrypt the files, they will be unable to open them.
A ransom note HOW TO RESTORE YOUR FILES.TXT will also be dropped. The note explains that files have been encrypted, and victims would need to send an email to email@example.com or firstname.lastname@example.org to get the decryptor. Obviously, the cyber crooks behind this ransomware will not give victims a decryptor for free; they will try to sell it. The price for the decryptor is not mentioned in the ransom note, however. The ransom will likely be somewhere between $100 and $1000. Whatever the ransom is, we don’t recommend paying because it does not guarantee that a decryptor will be sent. Users should keep in mind that they are dealing with cyber criminals, and they are unlikely to feel any obligation to help users, even those who pay. They do claim they will decrypt up to three files for free, provided they do not contain any important information.
Below is the text from the ransom note dropped by this ransomware:
All your files are encrypted and only I can decrypt them.
My mail is
Devidkrek1965@cock.lu or email@example.com
Write me if you want to return your files – I can do it very quickly!
Do not rename the encrypted files, because of this you can lose them forever!!!!!
To prove that we are not scammers and really can decrypt your files,
you can send three files for test decryption !!! (except databases, Excel and backups)
PLEASE DO NOT CREATE A NEW LETTER! RESPOND TO THE
LETTER TO THIS LETTER.
This will allow us to see all the history of the census in
one place and respond quickly to you.
!!! Do not turn off or restart the NAS equipment. This will result in data loss!!!
Unfortunately, at this moment in time, only users who have backup can recover files for free. But users should first remove the ransomware because otherwise, files in backup would become encrypted as well.
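The .jfwztiwpmqq extension and the HOW TO RESTORE YOUR FILES.TXT note described above are enough to take stock of the damage and see which files a backup actually covers. The script below is an added example, not part of the original article or any vendor tool; it only reads directory listings and never renames or modifies files, and the function names, folder layout and sample files are assumptions made up for the illustration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".jfwztiwpmqq"               # extension named in the article
RANSOM_NOTE = "HOW TO RESTORE YOUR FILES.TXT"   # note file name named in the article

def inventory(root, backup_root=None):
    """Read-only walk of root: list encrypted files and ransom notes, and
    check whether each original file name exists under backup_root."""
    root = Path(root)
    report = {"encrypted": [], "notes": [], "restorable": [], "missing_from_backup": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root)
            if name.upper() == RANSOM_NOTE:
                report["notes"].append(rel.as_posix())
            elif name.lower().endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                report["encrypted"].append(rel.as_posix())
                if backup_root is not None:
                    # image.jpg.jfwztiwpmqq -> image.jpg (name only; nothing is renamed on disk)
                    original = rel.with_name(name[:-len(ENCRYPTED_SUFFIX)])
                    in_backup = (Path(backup_root) / original).is_file()
                    key = "restorable" if in_backup else "missing_from_backup"
                    report[key].append(original.as_posix())
    for entries in report.values():
        entries.sort()
    return report

def demo():
    """Build a small constructed tree (not real victim data) and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp) / "live", Path(tmp) / "backup"
        for rel in ("photos/image.jpg.jfwztiwpmqq", "docs/report.docx.jfwztiwpmqq",
                    "docs/HOW TO RESTORE YOUR FILES.TXT", "docs/untouched.txt"):
            (live / rel).parent.mkdir(parents=True, exist_ok=True)
            (live / rel).write_bytes(b"constructed sample")
        (backup / "photos").mkdir(parents=True)
        (backup / "photos" / "image.jpg").write_bytes(b"constructed backup copy")
        return inventory(live, backup)

if __name__ == "__main__":
    for section, entries in demo().items():
        print(f"{section}: {entries}")
```

Files listed under missing_from_backup are the ones worth copying aside in their encrypted form in case a decryptor is released later.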
Jfwztiwpmqq ransomware removal
Users need to use anti-virus software to remove Jfwztiwpmqq ransomware from their computers because manual removal could cause even more damage. And only after the ransomware is no longer present on the computer should users access backup to start recovering files. Unfortunately, removing the ransomware does not decrypt files.
Jfwztiwpmqq ransomware is detected as:
- Ransom.Snatch by Malwarebytes
- Ransom:Win64/Snatch.A!MTB by Microsoft
- Artemis!F74D25F047D1 by McAfee
- Trojan.Gen.MBT by Symantec
- Ransom.Win64.KRYGO.SMTH by TrendMicro
- HEUR:Trojan-Ransom.Win32.Gen.vho by Kaspersky
- A Variant Of Win64/Filecoder.BL by ESET
- Gen:Variant.Ransom.GoRansom.2 (B) by Emsisoft
- Gen:Variant.Ransom.GoRansom.2 by BitDefender
- FileRepMalware by AVG