Please note that these free tools are provided as-is and without warranty of any kind. The tools may only work with specific ransomware versions, and may not work with versions that were released after a tool was created. Technical support for the tools is available only to customers using a paid Emsisoft product.
JSWorm 2.0 is a ransomware written in C++ that uses Blowfish to encrypt files, and adds the extension ".[ID-numbers][email].JSWORM" to files.
Other variants have also been seen to use the extension ".[ID-numbers][email].JURASIK".
The ransom note "JSWORM-DECRYPT.txt" has the below text:
All your files were encrypted!
Your personal ID: [redacted]
>>> Contacts:
[email protected]
[email protected] (in case of no answer)
>>> What should I include in my message?
1. Country
2. List of encrypted drives and their size
3. Extension of encrypted files (.[ID-[redacted]][[email protected]].JSWORM)
4. JSWORM PUBLIC KEY (below)
>>> Free decryption as guarantee!
Before paying you send us up to 3 files for free decryption.
We recommeded to send pictures, text files, sheets, etc. (files no more than 1mb)
>>> ATTENTION!
1. Do not rename encrypted files.
2. Do not try to decrypt your data using third party software, it may cause permanent data loss.
3. Decryption of your files with the help of third parties may cause increased price (they add their fee to
our) or you can become a victim of a scam.
-------BEGIN JSWORM PUBLIC KEY-------
[redacted]
-------END JSWORM PUBLIC KEY-------