Jeeperscrypt Ransomware Removal Guide

Do you know what Jeeperscrypt Ransomware is?

Our researchers say Jeeperscrypt Ransomware was most likely developed by amateur hackers as the malware’s code appears to be poorly written. Because of this, it is possible to decipher the threat’s encrypted files without paying the ransom since volunteer IT specialists have already created a working decryption tool themselves that is available to download via the Internet. Therefore, we urge users not to fund the cyber criminals behind this infection and use free decryption tools instead. After the files are recovered, you should erase the malicious application immediately. The removal guide placed below the main article should help you eliminate it manually. Also, users can retrieve their data by simply switching enciphered files with copies from removable media devices. In such case, we would recommend erasing Jeeperscrypt Ransomware first just to be on the safe side. If you want to learn more about this application, we encourage you to continue reading the article.

It is believed the malware might enter the system with malicious files, e.g. fake pictures, installers, infected documents, and so on. Such files could reach the ransomware’s victims via Spam emails as it is still one of the most popular ransomware distribution methods. Thus, if you encountered Jeeperscrypt Ransomware it probably happened because you were too careless with suspicious emails. However, it is entirely possible the threat could be distributed with malicious installers or other files shared on harmful web pages. In any case, the infection’s appearance signalizes that the computer might be vulnerable to threats and the user needs to be more careful. One of the easiest ways to guard the system against malware is to have a reputable security tool installed. Additionally, we would advise you not to enter any sites or launch any files that could be harmful.

Jeeperscrypt Ransomware can start encrypting your files soon after you launch it. Our researchers say it most likely does not need to install itself since it can work right from the location where you downloaded it. The version we tested were programmed to encipher files in the Pictures, Music, Videos, and Desktop folders located on the computers C: disk. Plus, the malicious application should be able to encrypt some files on the D: drive if it exists on the victim’s PC. As usually, the malware targets user’s personal data, such as pictures, photos, videos, archives, and so on.

Another thing our researchers learned while testing the application was that the threat does not create unique decryption key for each infected device. There should be one decryption key for all devices infected with the same version of Jeeperscrypt Ransomware. For instance, this is the key Y29uaGVjaW1lbnRvIG5hbyBlIGNyaW1lIGNyaW1lIHNlciBidXJybyBlIGJhaXhhciBxdWFscXVlciBtZXJkYSBuYSBpbnRlcm5ldCBhY2hhbmRvIHF1ZSB2YWkgc2UgDQpkYXIgYmVtIGlzc28gZSBwcmEgdm9jZXMgYXByZW5kZXIgYSBuYW8gYmFpeGFyIG1haXMgbWVyZGEgbmEgaW50ZXJuZXQgc2V1cyBvdGFyaW9z our specialists managed to extract from the malicious application’s code. You could try to enter this key into the provided box on the malware’s window; if your system is infected with the same version, this particular key might help you decipher encrypted files.

The infection should display its window after the encryption. The provided message in it is a ransom note from the hackers who created the malware. It demands Jeeperscrypt Ransomware’s victims to contact them and pay a particular amount of money in twenty-four hours. As we said earlier, there is no need to risk your money as you could try to use the decryption key we mentioned above or look for the free decryption tool. Just make sure you delete the malicious application afterward since it could be dangerous to leave it unattended. The removal guide placed below is there to help you with this task, so feel free to use it. Lastly, to make sure the computer is clean and secure we would recommend scanning it with a reputable antimalware tool too.

Erase Jeeperscrypt Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Open the Task Manager and choose Processes.
  3. Find the malicious process, select it and click End Task.
  4. Close the Task Manager.
  5. Press Windows Key+E.
  6. Navigate to:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  7. Find the infected file that was opened before the threat appeared.
  8. Right-click the suspicious file and press Delete.
  9. Exit File Explorer and empty your Recycle bin.
  10. Reboot the system.

In non-techie terms:

Jeeperscrypt Ransomware might be distributed in Spanish-speaking countries as its provided ransom note is written only in this language. Such note should be displayed only after the malware enciphers user’s personal files and according to it, the only way to recover your files is to pay the ransom. Fortunately, the way this malicious application’s code was written allowed specialists to obtain the decryption key without any trouble, so users can try to use this key or download the created decryption tool free of charge. Thus, we advise you not to pay the ransom and try other options first. If you want your system to be secure it also important to remove the threat; you can do it either manually with the steps placed above or automatically with a reliable antimalware tool.