A decryptor for the JSWorm 2.0 Ransomware has been released by Emsisoft this week that allows victims to decrypt their files for free. If you become infected with JSWorm 2.0, do not pay the ransom and instead follow the instructions below.
It is not known how the JSWorm 2.0 Ransomware is being distributed, but victims have been spotted from South Africa, Italy, France, Turkey, Iran, Vietnam, Germany, Brazil, Argentina, and the U.S.A.
Once infected, JSWorm 2.0 will encrypt a computer's files and append either the .JSWORM or .JURASIK extension to the file names. For example, if a file called test.jpg was encrypted, it would be renamed to test.jpg.JSWORM.
In order to decrypt your files for free, you will need to make sure that you have a copy of the ransom note that was created when you were infected. This ransom note is named JSWORM-DECRYPT.txt and is located on the desktop and in each folder that had files that were encrypted.
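To check where ransom notes and encrypted files are before running the decryptor, the following added example (not part of the original article or of Emsisoft's tool) walks a directory tree and reports them. The function names and the sample folder layout are assumptions made for illustration; only the extensions and the note name come from the article.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXTS = (".jsworm", ".jurasik")  # extensions named in the article
NOTE_NAME = "jsworm-decrypt.txt"          # ransom note name, lower-cased

def inventory(root):
    """Walk root; report encrypted files, ransom notes and name collisions."""
    counts, notes, missing_note, collisions = Counter(), [], [], []
    for folder, _dirs, files in os.walk(root):
        lower = {f.lower() for f in files}
        hits = [f for f in files if f.lower().endswith(ENCRYPTED_EXTS)]
        if NOTE_NAME in lower:
            notes.append(folder)
        elif hits:
            missing_note.append(folder)  # encrypted files but no note here
        for name in hits:
            ext = next(e for e in ENCRYPTED_EXTS if name.lower().endswith(e))
            original = name[:-len(ext)]  # test.jpg.JSWORM -> test.jpg
            counts[ext] += 1
            if original.lower() in lower:
                # a file with the original name already sits beside it
                collisions.append(os.path.join(folder, name))
    return {"counts": dict(counts),
            "note_folders": sorted(notes),
            "folders_without_note": sorted(missing_note),
            "collisions": sorted(collisions)}

def build_sample(root):
    """Constructed sample tree (hypothetical, not real victim data)."""
    layout = {
        "Desktop": ["JSWORM-DECRYPT.txt"],
        "Docs": ["JSWORM-DECRYPT.txt", "test.jpg.JSWORM", "a.docx.JURASIK"],
        "Pics": ["b.png.JSWORM", "b.png"],  # restored copy beside encrypted one
        "Clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for n in names:
            with open(os.path.join(root, folder, n), "wb") as fh:
                fh.write(b"constructed sample")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for key, value in inventory(tmp).items():
            print(key, value)
```

The script only reads directory listings and never modifies files. Copy one of the reported ransom notes somewhere safe before any cleanup.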
Decrypting the JSWorm Ransomware
If you were infected with the JSWorm Ransomware and still have the encrypted files and a ransom note, simply download the decrypt_JSWorm2.exe program from the following link and save it on your desktop:
Once downloaded, run the program with administrative privileges in order to decrypt all the files that were targeted by the ransomware. Once started, agree to the license agreement and you will be at the bruteforcer screen where it asks you to select a ransom note.
Browse and select a ransom note and then click on the Start button. The decryptor will then display the decryption key that was found as shown below.
You can now press the OK button to load the key into the decryptor.
The main JSWorm 2.0 decryptor screen will now be displayed and you should add any drives that contain files you wish to decrypt.
Once ready, click on the Decrypt button to begin the decryption process. The decryptor will now search the computer for encrypted files that end with the .JSWORM or .JURASIK extensions and automatically decrypt them.
When it has finished, the Results tab will state Finished and all of your files should now be decrypted. If you need help getting this decryptor to work, feel free to ask in the comments.
Comments
Kazimnaim - 5 years ago
Thanks for the post
Can you also post something regarding .SATANA ransomware please
Amigo-A - 5 years ago
https://twitter.com/GrujaRS/status/1105546159354007553
snoop - 5 years ago
Hello, this version of decryptor JSWorm 2.0 can't decrypt my JSWORM crypted files :(
aliniaz - 5 years ago
Can you HELP me? I have etols extension, please HELP. GOD BLESS