How to Remove JCry Ransomware (+File Recovery)

Readers recently started to report the following message being displayed when they boot their computer:

All Your Important Files have been Encrypted
1- Send 500$ worth of Bitcoin to this Address : 1FKWhzAeNhsZ2JQuWjWsEeryR6TqLkKFUt
2- Download Tor Browser and Open the following Link : Recovery Link
3- Enter the Address used in Payement
4- We’ll check your Payement and upload your Decryption Key
5- Open the same link again (after a while) and enter your Unique ID to get your Decryption Key
Your Unique Key :


JCry is yet another ransomware. This virus sneaks into your system, infects it, and corrupts your personal files. The ransomware wreaks utter havoc. It spreads its roots around your entire OS. The virus modifies the registry, corrupts essential directories, drops malicious files, and starts dangerous processes. It is programmed to detect and encrypt user-generated files: pictures, music, documents, databases, archives. JCry encrypts your precious data with strong encryption algorithms and adds the “.jcry” extension at the end of the corrupted files. Thus, if you have a file named “example.txt”, the ransomware will rename it to “example.txt.jcry”. You can see the icons of your files, but you cannot view or edit them.

In a file named “JCRY_Note.htm”, the ransomware’s owners promise decryption software. In exchange for $500 paid in Bitcoin, the hackers swear to recover your data. Do not trust these people, though. They are the ones that got you in this situation. They blackmail you. These criminals keep your files under lock and key and pressure you into paying an astonishing sum. Do not become a sponsor of these arrogant criminals. Consider discarding your files. If you have data backups saved on external storage, you can use them to restore your files. Just make sure that JCry is completely removed before you attempt any file-recovery operations.

How did I get infected with JCry?

JCry is spread through compromised websites. Once you visit such a web page, a message pops up. It explains that your app cannot display the content of the page correctly and urges you to update your software. Once you click on the “Accept” button, of course, the virus sneaks into your system. Do not give in to naivety! No anti-virus app can protect you if you toss caution to the wind. Only your vigilance and caution are strong enough to keep your machine secure and virus-free. Even a little extra attention can spare you an avalanche of problems. Always keep your guard up. Don’t visit suspicious websites. Download software and updates from reputable sources only. And be careful how you interact with your inbox. The good old spam emails are still the number one cause of virus infections. Treat all unexpected messages as potential threats. Always verify their senders. If, for example, you receive an unexpected email from an organization, go to their official website. Compare the email addresses listed there to the questionable one. If they don’t match, delete the pretender. You can also enter the suspicious addresses into a search engine. If they were used for questionable business, someone might have complained.

Why is JCry dangerous?

JCry ransomware is a complete and utter menace. This virus sneaks into your system and corrupts your data. Pictures, videos, archives. The virus locks everything! It turns your computer into a useless machine. Everything you download or create gets locked as soon as you save it. Sadly, there is no third-party decryption tool for the virus. Paying the ransom, however, is not advisable. The hackers are notorious for double-crossing their victims. These criminals promise a lot, but they don’t deliver. There are cases when the victims paid just to be blackmailed for more. There are also instances when the victims received nonfunctional keys or partly working decryption software. Not to mention that more often than not, the hackers ignore the victims once they receive the money. Do not test your luck. You cannot win a game against experienced criminals. These people are cunning manipulators who know how to lure you into unwanted actions. Your best course of action is the immediate removal of the virus. Find where JCry lurks and delete it upon detection. Remove this menace for good!

JCry Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover JCry Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.
  • Locate the process of the ransomware. Keep in mind that this is usually a randomly generated file name.
  • Before you kill the process, type its name in a text document for later reference.

  • Locate any suspicious processes associated with the JCry encryption virus.
  • Right-click on the process.
  • Open File Location.
  • End Process.
  • Delete the directories with the suspicious files.
  • Keep in mind that the process can be hiding and very difficult to detect.

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate JCry encryption Virus startup location

  • Once the operating system loads, press the Windows Logo key and the R key simultaneously.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • Delete the display name: [RANDOM]

  • Then open Explorer, navigate to your %appdata% folder and delete the executable.

Alternatively, you can use the Windows msconfig program to double-check the execution point of the virus. Keep in mind that the names on your machine might be different, as they might be generated randomly. That is why you should run a professional scanner to identify malicious files.
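
Because the value name under the Run key is random, it helps to look at where each entry points instead of what it is called. The following PowerShell script is an added example, not part of the original guide: it reads the three Run keys listed above without changing anything and flags entries whose program lives in a user-writable folder such as %appdata%. The list of user-writable folders and the signature check are assumptions used as a heuristic, not a JCry-specific signature.

```powershell
# Added example: read-only audit of the Run keys listed in STEP 3.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Assumption: folders a non-admin dropper can write to deserve a second look.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

function Get-RunKeyAudit {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }   # Wow6432Node is absent on x86
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $raw = [string]$item.GetValue($name)
            $cmd = [Environment]::ExpandEnvironmentVariables($raw).Trim()
            if (-not $cmd) { continue }                 # empty default value
            # Pull the program path out of the command line: a quoted path first,
            # otherwise everything up to the first executable/script extension.
            if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] }
            elseif ($cmd -match '^(.+?\.(exe|com|scr|bat|cmd|vbs|js))(\s|$)') { $exe = $Matches[1] }
            else { $exe = $cmd }

            $inUserDir = $false
            foreach ($dir in $userWritable) {
                if ($exe.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { $inUserDir = $true }
            }
            # An unsigned binary in a user folder is the combination to investigate.
            $signature = if (Test-Path -LiteralPath $exe -PathType Leaf) {
                (Get-AuthenticodeSignature -LiteralPath $exe).Status
            } else { 'FileMissing' }

            [pscustomobject]@{
                Key = $key; ValueName = $name; Command = $raw
                Executable = $exe; InUserWritableDir = $inUserDir; Signature = $signature
            }
        }
    }
}

# Entries in user-writable folders are listed first.
Get-RunKeyAudit | Sort-Object InUserWritableDir -Descending | Format-List
```

Legitimate software also starts from %appdata%, so treat a flagged entry as something to verify with a scanner, not as proof of infection.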

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, if you have one.

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file, it first makes a copy of it, encrypts the copy, and then deletes the original. Because of this, you can try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.
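
Before choosing between the three methods, it is useful to know which files were hit, roughly when, and whether any shadow copies still exist. The PowerShell script below is an added example, not part of the original guide. It is read-only, takes the “.jcry” extension and the “JCRY_Note.htm” note name from the description above, and assumes the user profile as the starting folder and the file's last write time as an approximation of when it was encrypted.

```powershell
# Added example: scope the damage before picking a recovery method (read-only).
param([string]$Root = $env:USERPROFILE)   # assumption: start with the user profile

function Get-JcryInventory {
    param([string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -Filter '*.jcry' -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.jcry' } |
        ForEach-Object {
            # "example.txt.jcry" -> "example.txt": the name to look for in a backup
            $original = $_.FullName.Substring(0, $_.FullName.Length - '.jcry'.Length)
            [pscustomobject]@{
                Encrypted      = $_.FullName
                OriginalName   = $original
                OriginalExists = Test-Path -LiteralPath $original -PathType Leaf
                EncryptedAt    = $_.LastWriteTime   # approximation, see lead-in
            }
        }
}

$files = @(Get-JcryInventory -Path $Root)
"Encrypted files under ${Root}: $($files.Count)"

# Folders with the most encrypted files: what to restore first from backup.
$files | Group-Object { Split-Path -Path $_.Encrypted -Parent } |
    Sort-Object Count -Descending | Select-Object -First 20 Count, Name

# A backup or shadow copy must be older than the first encrypted file to be useful.
$first = $files | Sort-Object EncryptedAt | Select-Object -First 1
if ($first) { "Earliest encrypted file written at: $($first.EncryptedAt)" }

# Ransom notes left behind.
Get-ChildItem -LiteralPath $Root -Recurse -File -Force -Filter 'JCRY_Note.htm' -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime

# Shadow copies that still exist (needs an elevated prompt; empty output means none).
Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue |
    Select-Object VolumeName, InstallDate, ID
```

If no shadow copy is older than the earliest encrypted file, Method 3 cannot return clean versions and a backup is the remaining option.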
