What is Jhgn ransomware

Jhgn ransomware is a very generic file-encrypting malware, one of the more recent versions of the Djvu/STOP ransomware. The malicious actors operating this ransomware family release new versions on a regular basis, with at least a couple of versions appearing every week. Once initiated on a computer, Jhgn ransomware encrypts users’ files, adds the .jhgn extensions, and requests money in exchange for a decryptor. Jhgn ransomware is regarded as a very serious infection because file recovery isn’t always possible. The malware authors will offer a decryptor for $980, though paying the ransom is very risky because it does not mean a decryptor would be sent to you. Users who have a backup should have no issues with file recovery as long as they first remove Jhgn ransomware from their computers.


Jhgn ransomware (note)


All of your personal files will immediately start being encrypted as soon as the Jhgn ransomware is initiated. Among encrypted files will be photos, images, documents, videos, and other personal files. You’ll easily be able to tell which files have been encrypted because they will have .jhgn added to them. An encrypted image.jpg, for instance, would become image.jpg.jhgn. Unless you have a special decryptor, you won’t be able to open these files. The steps for obtaining the decryptor are explained in the _readme.txt ransom note. The decryptor costs $980, according to the note, but victims who contact the malware operators within the first 72 hours are allegedly eligible for a 50% discount. Whether that is exactly the case is not clear, but generally speaking, paying the ransom is not recommended. Because there is nothing stopping the malicious actors from simply taking your money, keep in mind that you might not necessarily receive a decryptor.

You need to use anti-malware software to remove Jhgn ransomware. It’s a very sophisticated malware infection that should be removed using professional software. As soon as the ransomware has been completely removed, you can connect to your backup and begin recovering files.

File recovery will be significantly more challenging, if not impossible, for users who were not backing up files prior to infection. The only option is to wait for the release of a free Jhgn ransomware decryptor, albeit it is debatable if this will be possible. This ransomware encrypts files using online keys, which makes it incredibly challenging for malware researchers to create decryptors. However, waiting for a free Jhgn ransomware decryptor is the only option for people who do not have a backup.

Ransomware distribution methods

When users download malicious email attachments, use torrents to pirate copyrighted content, click on dangerous adverts while browsing high-risk websites, etc., they’re at a much higher risk of infecting their computers with all kinds of malware. Bad browsing habits are one of the main reasons why users infect their computers with malware. We strongly recommend not only developing better online habits but also familiarizing yourself with how malware is distributed.

If your email address has been leaked (you can check on haveibeenpwned), you will occasionally receive a malicious email of some kind. Those emails are usually harmless as long as you don’t interact with them. But when an email has a malicious attachment, the moment you open it, the malware will initiate. This is why it’s important to check all unsolicited email attachments with anti-malware software or VirusTotal before opening them. But even without anti-virus software, it’s pretty easy to identify malicious emails in most cases. Senders usually claim to be from legitimate companies but the emails are full of grammar/spelling mistakes, making it immediately obvious that something is not right. Malicious emails also use generic words like User, Member, Customer, etc., to address users when legitimate emails would use users’ names.

Malicious actors also use torrents to distribute malware. Because torrent sites are often poorly regulated, cybercriminals can easily upload torrents that include malware. Malware is frequently found in torrents for well-known films, video games, TV series, software, etc. So pirating using torrents is not only stealing content but also dangerous for your computer/data.

How to remove Jhgn ransomware

Given that ransomware is a very sophisticated virus infection, attempting to manually remove Jhgn ransomware is not recommended. If you’re not careful, you could unintentionally damage your computer even more, or you might not completely remove all ransomware components. The ransomware may be able to recover if you still leave some components. And if you tried to access your backup while the ransomware was active on your computer, your backed-up files would also be encrypted. We strongly recommend using anti-malware software to remove Jhgn ransomware. You can safely connect to your backup to begin file recovery once the ransomware has been removed.

Jhgn ransomware is detected as:

  • Win32:AceCrypter-V [Cryp] by Avast/AVG
  • Trojan.Crypt (A) by Emsisoft
  • HEUR:Trojan.Win32.Strab.gen by Kaspersky
  • Packed-GDT!98122F1B2B71 by McAfee
  • Trojan:Win32/Raccrypt.GB!MTB by Microsoft
  • Trojan.GenericKD.50199478 by BitDefender
  • Trojan.MalPack.GS by Malwarebytes
  • Ransom.Win32.STOP.YXCD1 by TrendMicro


Jhgn ransomware detections