Remove Jhdd ransomware

Jhdd ransomware is a generic ransomware infection, released by the cybercriminals operating the Djvu/STOP ransomware family. .jhdd virus is essentially another version of Djvu/STOP. The cybercrime group releases these new versions on a regular basis, with Jhdd ransomware being one of the more recent versions. While this ransomware is very generic, it’s also very dangerous. Once inside a computer, the ransomware will encrypt your personal files, essentially taking them hostage. The ransomware operators will demand that you pay a ransom, though giving in to the demands is quite risky, mainly because it does not guarantee file decryption.

 

 

Most ransomware versions from the Djvu/STOP malware family are very similar but they add different file extensions to encrypted files, which is how you can identify which version you are dealing with. This ransomware adds .jhdd, hence why it’s known as Jhdd ransomware. All personal files will have this extension, including photos, images, videos, and documents. You will be unable to open any of these encrypted files unless you first use a decryptor on them. However, getting the decryptor will not be easy because the only people who currently have it are the cybercriminals operating this ransomware. They will not just give it to you, but instead, demand that you pay a ransom. The terms of acquiring the decryptor will be explained in the _readme.txt ransom note that’s dropped in folders that contain encrypted files.

The _readme.txt ransom note is mostly identical to the ones dropped by other ransomware in this family. The only thing that changes is the contact email addresses. The email explains that in order to get the decryptor, you need to pay a ransom. The regular price for the decryptor is $980 but the note does mention that there is a 50% discount for victims who make contact within the first 72 hours. However, whether that is true is debatable. Trusting cybercriminals to keep their end of the deal is not a good idea because there’s nothing to force them to do so. What likely would happen if you paid the ransom is the cybercriminals would just take the money and not send anything in return. This has, unfortunately, happened to many users in the past and will likely happen many times in the future. Whether to pay the ransom or not is your decision to make but we feel it’s necessary to inform you about the risks that come with paying the ransom.

If you have a backup, you will be able to recover your files easily. However, it’s essential that you completely remove Jhdd ransomware from your computer. It’s recommended to use anti-malware software because manual Jhdd ransomware removal is dangerous unless you know exactly what to do. Using anti-malware software is not only easiest, but it’s also safest. Once the ransomware is gone from your computer, you can access your backup to begin recovering files.

For users who do not have a backup, waiting for a free decryptor may be the only option. However, whether one will be released is not certain. Ransomware versions from the Djvu/STOP family (including Jhdd ransomware) use online keys to encrypt files, which means that they are unique to each victim. Unless those keys are released by the cybercriminals themselves (not impossible) or if they are ever apprehended by law enforcement, a free Jhdd ransomware decryptor is not very likely. You can find a free Djvu/STOP decryptor by Emsisoft but it will not work on Jhdd ransomware or other more recent Djvu versions. It’s worth a try, however.

How do cybercriminals distribute ransomware

Users who have bad browsing habits are much more likely to pick up malware infections because they engage in risky behavior. That includes opening unsolicited email attachments without double-checking them, clicking on ads while browsing high-risk websites, and pirating using torrents. Developing good habits can help avoid a lot of malware in the future.

For cybercriminals, email attachments are one of the easiest ways to spread ransomware. Malicious actors buy email addresses from various hacker forums, attach a malicious file to an email, and send it off. The emails are harmless as long as the files are not opened. If you were to open such a file, the ransomware would initiate on your computer. But the majority of these emails are very poorly written, which makes it very easy to recognize them for what they are. It’s especially obvious when senders pretend to be from legitimate companies/organizations but their emails are full of grammar/spelling mistakes. How an email addresses you can also hint at whether it’s legitimate or not. If the sender claims that you use their services but addresses you with generic words like User, Member, Customer, etc., it may be a malicious email. It’s generally accepted to address customers by their names in emails, so if an email asks you to open an attachment but does not use your name, you should be very cautious. It’s also worth mentioning that malicious spam emails can also be quite sophisticated. Thus, it’s recommended to always scan unsolicited email attachments with anti-virus software or VirusTotal before opening them.

Torrents are another great way to infect a computer with malware. You are likely already aware of this but torrent sites are often badly regulated, which allows cybercriminals to easily upload torrents with malware in them. Malware is usually found in torrents for popular movies, TV series, video games, software, etc. The more popular something is, the more likely its torrents will have malware in them. Not only is pirating copyrighted content essentially stealing, but it’s also dangerous for your computer/data.

Jhdd ransomware removal

When it comes to ransomware, it’s always recommended to use anti-malware software. Ransomware threats are very complicated infections, and trying to deal with them manually can lead to even more issues. Thus, all users should use anti-malware software. Once the ransomware is completely gone from the computer, you can connect to your backup to start recovering files. If you do not have a backup, back up your encrypted files and occasionally check NoMoreRansom for a free decryptor.