‘.justice File Extension’-Threat In Detail
‘.justice File Extension’ Ransomware is another variant of Jigsaw ransomware threat that successfully encrypted data on the attacked PC and earned huge profit by demanding ransom.
‘.justice File Extension’ Ransomware is the name given as the encrypted files by the threat receives ‘.justice’ extension. The threat make use of AES-256 encryption algorithm to encode data and then applies more advanced encipher RSA2-2048 to the files cipher to make impossible for the users to decode the files and force them to pay the ransom.
‘.justice File Extension’ Ransomware is distributed through spam bots that contains the payloads of the infection and once user open and runs the macro-enabled script, then the threat gets installed successfully on their system.
File extensions encrypted are:
PDF, DOCX, DOC, PPTX, PPT, XLS, XLSX, MP3, MP4, AVI, DB, SQLITEDB, MDB, JPEG, JPG, PNG, BMP and MKV
After encrypted, ‘.justice File Extension’ Ransomware appends ‘.justice’ extension to the files and leaves a ransom note in Turkish language that is displayed on the windows Screen.
The text appears as:
BU PROGRAM AÇILDIYSA TÜM SİSTEM DOSYALARINIZ KiLiTIENMİSTİR. BU KİLİDİ AÇABİLMENİZ İÇİN TEK GEREKEN SEV PARADIR
KORKMAYIN BU PARA SİZİN DEĞİLDİR. SİZDEN İSTEMİ$ OLDUĞUMUZ PARA BU ZAMANA KADAR ÇALI$TIRDIĞINIZ İNSANLARIN EMEKLERİNDEN CALDIĞINIZ PARADIR ENDİ$ELENECEK BİR DURUM YOKTUR.
SİZLERE BU KONUYU DOWNMENİZ İÇİN VAKİT TANIYORUZ. VAKTİNİZİN BEDELİ OLARAK HER DAKİKA 1 DOSYA SİLİNECEKTİR EĞER DOSYALARINIZIN BİR ÖNEMİ YOK İSE TÜM DOSYALARINIZI SiLEBİLİRSİNİZ. HERHANGİ BİR BEDEL ÖDEMEK ZORUNDA DEĞİLSİNİZ.
DOSYALARINIZI KURTARMAK İÇİN A$AĞIDAKi TALİMATLARI TAKİP EDİNİZ.
ÖDEME YALNIZCA BİTCOİN OLARAK ALINACAKTIR. HERHANGİ BİR SORUN İÇİN BiZiMIE ilETİSİME GECEBİLİRSİNİZ’
The ‘.justice File Extension’ Ransomware is also reported to delete the Shadow Volume Copies and erase system restore points if any saved by the user. So that the victims are left with no other option than to pay the ransom and get their files decoded.
However, there is no any guarantee that they will decrypt all the files after receiving the payment. Thus, security researchers advise not to pay the ransom to the authors of ‘.justice File Extension’ and quickly remove the threat from the PC. Also, you can try recovering your data from backups if any or take the help of data recovery software programs.