Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Oct 2019

How to remove [symmetries@tutamail.com].JSWRM ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Lucia Danes · Virus researcher

[symmetries@tutamail.com].JSWRM is the cryptovirus also called JSWorm 4.0.2 because it belongs to this semi-decryptable malware family

[symmetries@tutamail.com].JSWRM ransomware[symmetries@tutamail.com].JSWRM ransomware is the file encryption-based malware that offers to decrypt 3 files out of a bunch marked with a lengthy appendix. This is a threat that employs the AES-256 encryption algorithm to lock data stored on the device and scare people into paying the demanded amount. The attack starts immediately after the infiltration when the payload file is dropped on the computer via cracked software or email attachments. Once files get chosen for the encryption names get altered with a marker template .[ID- ][].JSWRM that indicates all the untouched files from the ones that got locked. The email included in the extension also is a preferred contact email for virus developers, we don't recommend contacting JSWorm ransomware developers, especially when this is not a new version of crypto-extortion based threat.

Although [symmetries@tutamail.com].JSWRM ransomware virus affects photos, documents, audio and video files, databases, archives and other common types of data with encryption, system folders get altered too. Malware can disable security functions, programs and add registry entries, other files on the system to ensure the persistence of ransomware. The best way to fight such malware is to remove all traces with AV tools and then recover files using your file backups. However, Emsisoft decrypter was released for this particular version not long ago and you can try to use it for encoded file recovery.

Name [symmetries@tutamail.com].JSWRM ransomware
Family JSWorm ransomware
File marker .[symmetries@tutamail.com].JSWRM gets placed at the end of every encrypted file to mark the affected data once files, photos, video and audio files get locked
Ransom note JSWRM-DECRYPT.hta – a file that appears placed on the desktop, in other folders and gets opened by the virus automatically on your screen when encryption is done
Encryption method

The modified version of AES-256 algorithm[1] gets used for file encryption in campaigns of this malware

Distribution Infected files gel placed in software packages included on torrent sites, pirated software pages. Also, some of the samples get delivered via spam email campaigns when malicious macros get placed on MS documents and PDFs. Once these files get opened and macros triggered malicious script launches on the machine
Contact emails symmetries@tutamail.com, symmetries0@tutanota.com
Decryptable? Emsisoft has developed a JSWRM decryption tool you can get here. It should work for this 4.0.2 version of JSWorm also
Elimination Perform a thorough [symmetries@tutamail.com].JSWRM ransomware removal with anti-malware tools. Rely on FortectIntego to clean the virus damage and improve the performance

Although [symmetries@tutamail.com].JSWRM ransomware encrypts files and marks them with a lengthy file extension, data stored on the system gets affected differently. The malware adds various processes in the background that runs continuously and affects the performance significantly. Some AV tools can detect those processes[2] as malicious and related to malware when other files keep hidden.

You should use such software for the general [symmetries@tutamail.com].JSWRM ransomware removal too because anti-malware programs can find, indicate and remove all the potential threats, malware-related files or applications, ransomware, and its damage. 

Even though JSWRM 4.0.2 ransomware can possibly be decryptable as other versions in the same family, it is crucial to clean the system, eliminate all the threats, virus damage, and malicious files. When you leave the malicious program running for a long time it damages the registry, other programs and even parts of the system, so you have a corrupted device that cannot be used.

Another thing that is important to note is paying the ransom. It may seem a good solution to get those encrypted files recovered, but there is little to no possibility that [symmetries@tutamail.com].JSWRM ransomware developers are going to restore them for you. In most cases, people end up with damaged files and without money. [symmetries@tutamail.com].JSWRM ransomware virusExperts[3] note that when your files get encrypted by JSWRM ransomware 4.0.2 virus and marked with file appendix, you can be sure that ransomware is on the system for good. This is the initial and main process that cryptovirus is focusing on, so from there other processes are for persistence.

Also, all those changes make it even more difficult to remove [symmetries@tutamail.com].JSWRM ransomware. recover files and repair the system in general. You need additional help to achieve full malware elimination, so rely on anti-malware tools and run a scan on the system that can help indicate threats and issues affecting your device.

As for file recovery after the [symmetries@tutamail.com].JSWRM ransomware elimination:

  • try to look for a decryption tool online;
  • use Emsisoft's decryptor;
  • rely on your data backups;
  • try third-party data recovery software;
  • go through the methods listed below.

[symmetries@tutamail.com].JSWRM virus

Poor knowledge leads to unwanted malware infections

The knowledge is key and in cybersecurity, it is especially important to know what risks may be hidden behind the content you continuously visit or get exposed to unwillingly. However, pirated software, torrent sites, free program distributors online are sources that people constantly rely on but without thinking twice. 

Besides being illegal pirated software sites deliver prepacked cracked software bundles where payload droppers with malicious ransomware script also get hidden. Once you download and install such an application, the malicious file automatically loads the malware and lets it run freely.

Another method used to spread malicious files includes spam email campaigns that involve malicious macros on Microsoft files pined to emails as normal attachments. Unfortunately, the opened document triggers macros and malware delivery automatically, so your machine gets infected in a matter of minutes or even seconds.

Get rid of the malicious [symmetries@tutamail.com].JSWRM files virus

[symmetries@tutamail.com].JSWRM ransomware virus belongs to a known malware family that shows a program window JSWRM-DECRYPT.hta with a brief message about test decryption and possible outcome when you skip the paying. However, the version is possibly decryptable and paying shouldn't be considered.

You need to remove [symmetries@tutamail.com].JSWRM ransomware instead and rely on file recovery when the system gets thoroughly cleaned. You need to take into consideration that the infected machine is not a good place for newly restored files, so make sure to delete all traces.

You can achieve the best results by performing an automatic [symmetries@tutamail.com].JSWRM ransomware removal process with programs like FortectIntego, SpyHunterCombo Cleaner, MalwarebytesMalwarebytes. You can choose the alternate antivirus program but select the provider wisely. 

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.