How to Remove Jokeroo Ransomware (+File Recovery)

How to Remove Jokeroo Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

You can change and customize your ransomware
Name of the project
Change the demand of ransom
Change all the logo, An icon in format .ICO, Remove the jokeroo logo
You can choose the extension
A description to help the victim in format .TXT
Ransomware update manually
You can create 1 ransomware
The victim can pay you in Bitcoin
Withdrawal in Bitcoin
You can infected in unlimited
You will have news about the dashboard
Undetectable by AV update regularly
Spread manually
Show the IP of the victim
We will touch 15% fees ransom
You will be able to manage all the victims since the dashboard
Display: CD key, PC Name, Encrypted files, Operating System (OS)


Jokeroo is a ransomware infection, though a bit more particular than the other tools of its kind. Jokeroo is a customizable threat. Consider it a ‘service’ offered by cyber criminals to other cyber criminals. They let you use the Jokeroo name and a template to create your own specific ransomware menace and then let it loose on unsuspecting victims. The ‘initiative’ even has its own name: ‘ransomware-as-a-service,’ or RaaS for short.

As a ransomware infection, Jokeroo tends to follow the set standard. It invades your PC, targets your data, and encrypts everything. Specifics may vary, like the message in the ransom note, the ransom amount, and the extension attached to your locked files, but the general actions of the ransomware follow the established norm. It strikes, and you discover every single file you have is locked. The tool uses cryptographic algorithms to encrypt everything: archives, documents, pictures, music, videos. Nothing escapes it. Then, after it encrypts your files, it leaves you a note with demands.

Do NOT follow them! Regardless of its requirements and promises, do NOT comply. Don’t reach out to the cyber kidnappers. Don’t send them money. And don’t expect them to keep the promises they make. Yes, they may claim to send you a decryption key once you pay up. But what guarantees do you have? Zero! You have zero guarantees these people will keep their word. Don’t send them money on blind faith. Compliance is not the way to go.

How did I get infected with Jokeroo?

The Jokeroo infection tends to use the old but gold methods to invade your system. The most common one is via spam emails. That’s, arguably, the easiest way for ransomware tools to slither into your PC. You get an email that seems to come from Amazon, DHL, or some other well-known, legitimate company. You open it, and it states that you must ‘confirm a purchase’ or ‘verify data.’ It feeds you a lie, and tries to get you to click a link or download an attachment. If you do, you’re in trouble. Infections prey on your carelessness. Your distraction, haste, and naivety ease their infiltration. Don’t oblige. Always take the time to do your due diligence. Double-check everything, and look for the fine print. Vigilance goes a long way, and it can save you countless issues. Other common methods include the usual antics: hiding behind freeware, corrupted sites, links or torrents, and, of course, posing as a bogus system or program update. Always be on your guard.

Why is Jokeroo dangerous?

The individuals behind the Jokeroo RaaS market it as a ‘fairly easily modifiable file-locker.’ And, if you choose to employ their service, they demand a percentage of your profits. There are even package offers you can choose from! The cheapest one is $60, and it gets you the basic version of the Jokeroo Ransomware. If you go with it, the cyber criminals behind it request a 15% share of potential earnings. There are, of course, more expensive options to pick from, and some don’t even require you to share your piece of the pie. The Jokeroo RaaS is flexible, to say the least, and it molds to the requirements of each client.

As mentioned, at its core the Jokeroo ransomware remains pretty typical. After it locks your files, it demands payment for their unlocking. The payment usually has to be made in Bitcoin, and it can range from $500 to $1000 US Dollars, or more. The infection even tries to scare you into compliance by giving you a deadline. It claims that if you don’t complete payment within a few days, your decryption key gets deleted. And, with your key gone, your data stays locked. Don’t let that sway you into payment! Don’t allow scare tactics to get you to act against your better judgment. Pay nothing! Compliance guarantees you nothing. Don’t take chances, and don’t waste your money, time, and energy. Don’t comply.

Jokeroo Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Jokeroo Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.
  • Locate the process of the ransomware. Keep in mind that it usually runs from a file with a randomly generated name.
  • Before you kill the process, type its name into a text document for later reference.

  • Locate any suspicious processes associated with Jokeroo encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Jokeroo encryption Virus startup location

  • Once the operating system loads, press the Windows logo key and the R key simultaneously.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • Delete the entry with the display name: [RANDOM]

  • Then open Windows Explorer, navigate to your %appdata% folder and delete the executable.

Alternatively, you can use the Windows msconfig utility to double-check the execution point of the virus. Keep in mind that the names on your machine might be different, as they may be generated randomly. That’s why you should also run a professional scanner to identify malicious files.
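The STEP 3 check can be run read-only from PowerShell before anything is deleted. The script below is an added example, not part of the original guide: it lists every entry in the three Run keys named above and the executables under %appdata%. Sorting entries that start from %APPDATA%, %LOCALAPPDATA% or %TEMP% to the top is an assumption about where to look first, not a Jokeroo-specific indicator.

```powershell
# Added example: read-only audit of the Run keys from STEP 3. Nothing is deleted.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Assumption: autoruns that start from per-user folders are reviewed first.
$userDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }  # Wow6432Node is absent on x86
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [Environment]::ExpandEnvironmentVariables([string]$regKey.GetValue($name))

        # Pull the executable out of the command line: quoted path first,
        # then an unquoted path ending in a known extension, then the first token.
        if ($command -match '^\s*"([^"]+)"') { $path = $Matches[1] }
        elseif ($command -match '^\s*(.+?\.(exe|com|scr|bat|cmd|vbs|js))(\s|$)') { $path = $Matches[1] }
        else { $path = ($command.Trim() -split '\s+')[0] }

        $inUserDir = [bool]($userDirs | Where-Object {
            $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })

        # Signature status of the target file, if it still exists on disk.
        $signature = if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            (Get-AuthenticodeSignature -LiteralPath $path).Status
        } else { 'FileNotFound' }

        [pscustomobject]@{
            Key = $key; Name = $name; Path = $path
            InUserDir = $inUserDir; Signature = $signature
        }
    }
}

# Entries that start from a user folder sort to the top.
$findings | Sort-Object InUserDir -Descending | Format-Table -AutoSize -Wrap

# Executables under %APPDATA% (hidden ones included), newest first.
Get-ChildItem -LiteralPath $env:APPDATA -Filter *.exe -File -Recurse -Depth 2 -Force -ErrorAction SilentlyContinue |
    Sort-Object CreationTime -Descending |
    Select-Object FullName, CreationTime, Length
```

Run it as the affected user so that the HKCU key and %appdata% resolve to that profile; the `-Depth` parameter needs PowerShell 5.0 or later.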

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.
