Jjyy ransomware is a malicious program that will encrypt your files and demand a payment in exchange for their recovery. It belongs to the Djvu/STOP family of malware and is one of the more recent versions. This version can be identified by the .jjyy extension added to encrypted files. It also drops a _readme.txt ransom note that explains how victims can acquire the decryptor. The malicious actors operating this ransomware demand $980 for a decryptor. Even if you pay, you are not guaranteed to receive a Jjyy ransomware decryptor because you’re dealing with cyber criminals who do not always keep their end of the deal.
Like most ransomware, Jjyy ransomware will target all personal files and start encryption immediately after it’s initiated. It will encrypt your photos, videos, images, documents, etc. All encrypted files will have .jjyy added to them, so you will be able to identify them immediately. For example, an image.jpg file would become image.jpg.jjyy. You will not be able to open any of the encrypted files unless you first use a decryptor on them. The process of acquiring the decryptor is explained in the _readme.txt that gets dropped in all folders that contain encrypted files. Unfortunately, the malicious actors operating this ransomware demand $980 for the decryptor. The note does mention a 50% discount for victims who contact the cyber criminals within the first 72 hours but we’re not certain how legitimate these claims are. Whatever the case may be, keep in mind that you are dealing with cybercriminals who are unlikely to feel any kind of obligation to send you the decryptor even if you pay.
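The two markers described above (the .jjyy extension and the _readme.txt note) are enough to scope the damage before restoring from a backup. The following read-only inventory script is an added example, not part of the original article; the function names and the sample folder tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".jjyy"    # extension appended to encrypted files (from the article)
RANSOM_NOTE = "_readme.txt"   # ransom note name (from the article)


def scan(root):
    """Read-only walk of root: list encrypted files, note folders, original types."""
    root = Path(root)
    encrypted, note_dirs, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        if any(f.lower() == RANSOM_NOTE for f in files):
            note_dirs.append(rel_dir.as_posix())
        for f in files:
            if f.lower().endswith(ENCRYPTED_SUFFIX) and len(f) > len(ENCRYPTED_SUFFIX):
                original = f[: -len(ENCRYPTED_SUFFIX)]  # image.jpg.jjyy -> image.jpg
                encrypted.append((rel_dir / original).as_posix())
                by_type[Path(original).suffix.lower() or "(none)"] += 1
    return {"restore": sorted(encrypted), "note_dirs": sorted(note_dirs), "by_type": by_type}


def build_sample_tree(base):
    """Constructed sample data: empty files that only imitate the naming pattern."""
    names = ["Pictures/image.jpg.jjyy", "Pictures/_readme.txt",
             "Documents/report.docx.jjyy", "Documents/notes.txt",
             "Documents/_readme.txt", "Music/song.mp3"]
    for name in names:
        path = Path(base) / name
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return Path(base)


def demo():
    """Run the scan against the constructed tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan(build_sample_tree(tmp))


if __name__ == "__main__":
    result = demo()
    print("Folders with a ransom note:", result["note_dirs"])
    print("Files to restore from backup:", result["restore"])
    print("Affected file types:", dict(result["by_type"]))
```

The "restore" list holds the original relative paths, so it can be used as a checklist of what to pull from a backup once the infection has been removed.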
Unfortunately, there is currently no option to decrypt files for free for people who do not have backups. When possible, malware researchers do develop free decryptors to assist victims, but not all ransomware is so easily decryptable. Because more recent Djvu/STOP ransomware versions, including Jjyy ransomware, use online keys to encrypt files, a free decryptor is unlikely unless those keys are released by the malware operators. You can find a free Djvu/STOP decryptor by Emsisoft but while it’s worth a try, it’s unlikely to work on files encrypted by Jjyy ransomware.
We should also point out that there are a lot of fake decryptors available, especially for the Djvu/STOP ransomware family. Users need to exercise extreme caution and only download decryptors from reputable websites, such as NoMoreRansom and Emsisoft. If you come across a decryptor on a questionable forum, it’s more likely to infect your computer with malware than to decrypt your files.
When users remove Jjyy ransomware from their computers, they can safely access backups to begin recovering their files. It’s recommended to use anti-malware software to remove Jjyy ransomware from the computer because it’s a very complex infection that requires professional software to remove.
How did ransomware enter your computer?
In many cases, users’ bad online habits lead to malware infection. Users are highly likely to infect their computers with malware if they open unsolicited email attachments without double-checking, click on ads while browsing questionable websites, download content via torrents, etc. Developing better habits can help avoid a lot of malware infections in the future.
It is well known that using torrents to pirate copyrighted content frequently results in dangerous malware infections. Because torrent sites are often poorly monitored, malicious actors can upload torrents for movies, TV series, video games, software, and other media with malware in them. When users download a malicious torrent and open it, they unknowingly initiate the malware. It should go without saying that downloading pirated content also essentially amounts to content theft.
One of the most common ways for users to get malware on their computers is through email attachments. Malicious actors use email addresses they have obtained from various hacking forums to send emails that contain malicious attachments. For people who are aware that malware may be sent via emails, malicious emails should be quite obvious. But less tech-savvy users may not know what to look for and end up downloading/opening those attachments. Grammar and spelling mistakes in emails supposedly sent by known companies are one of the biggest giveaways. You will rarely find any mistakes in legitimate emails because such mistakes look very unprofessional. Another sign is a sender who should know your name addressing you with generic words like “User”, “Member”, “Customer”, etc. Since malicious actors often do not have potential victims’ names, they are forced to use generic words. Finally, it’s strongly recommended to use anti-virus software or VirusTotal to scan all unsolicited email attachments before opening them to determine whether they are safe to open.
How to remove Jjyy ransomware
Ransomware is a complex infection, thus using anti-malware software to remove Jjyy ransomware is highly recommended. Users shouldn’t try to manually delete Jjyy ransomware since they risk causing additional damage to their computers. Unfortunately, removing the ransomware does not unlock files; a decryptor is required for that. If you have a backup, you can access it to start recovering files as soon as you remove Jjyy ransomware.
Jjyy ransomware is detected as:
- FileRepMalware [Pws] by AVG/Avast
- VHO:Trojan.Win32.Agent.gen by Kaspersky
- ML.Attribute.HighConfidence by Symantec
- Trojan.MalPack.GS by Malwarebytes
- Packed-GDD!A16D996079CE by McAfee
- Trojan:Win32/Sabsik.FL.B!ml by Microsoft