Janelle ransomware (virus) - Recovery Instructions Included

Janelle virus Removal Guide

What is Janelle ransomware?

Janelle ransomware threatens to delete the decryption key after a certain amount of time

Janelle ransomwareRansomware locks your data and then demands you to pay $600 for its return

Ransomware is a type of computer malware that locks all personal data and then demands ransom for its return. Janelle virus is a member of this category and recently showed up in the cybersecurity landscape. While it is unknown which channels malware uses to propagate, victims get infected without knowing anything about it, and once they realize what's happened, it is already too late.

By that, we mean that all pictures, videos, documents, and other personal files get locked with a strong encryption algorithm,[1] acquiring the .JANELLE extension in the process. Note that the data is not corrupted; it simply requires a unique key to unlock it and bring it back to the working state. If you wonder who has this key – it is the cybercriminals behind the malware attack, although it is obvious that they are not willing to provide it for free.

As soon as the encryption process, which lasts mere seconds, is complete, a pop-up window titled JANELLE (it can be found on the computer's desktop under the index.html name) shows up. It explains the situation to victims and claims that the only way to recover files is by paying a ransom within 24 hours, which should be transferred as $600-worth of bitcoins.

Additionally, ransomware drops another text file, “Readme.txt,” which serves as a FAQ, where most frequently, questions by victims are answered. We strongly discourage victims from cooperating or even contacting the attackers, as there is a chance of being scammed after paying the ransom.

Name Janelle ransomware
Type Ransomware, data locking malware, cryptovirus
Based on HiddenTear
File extension .JANELLE, appended to each of the personal files, which means they can no longer be opened or edited
Ransom note index.html and Readme.txt
Contact Via the ransom note
Ransom demand $600 in bitcoin
File Recovery If no backups are available, recovering data is almost impossible. Nonetheless, we suggest you try the alternative methods that could help you in some cases – we list them below
removal Perform a full system scan with powerful security software
System fix Malware can seriously tamper with Windows systems, causing errors, crashes, lag, and other stability issues after it is terminated. To remediate the OS and avoid its reinstallation, we recommend scanning it with the FortectIntego repair tool

The ransom notes

Let's dive into the analysis of the ransom notes. As we already mentioned, there are two ransom notes that are dropped after the file encryption is complete. One of them immediately opens automatically, so there is no way that victims would miss it. In fact, ransomware does not hide its presence as soon as it manages to infect Windows and encrypt files but rather tries to make sure that users would see the contact and other relevant information – it increases the chances of payment.

Here's the full message from the pop-up window:

Oops! Your FIles have been encrypted
What Happened to My Computer?
Your important files are encrypted. Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.

Can I Recover My Files?
Sure. We guarantee that you can recover all your files safely and easily. But if you want to decrypt all your files, you need to pay. You have 24 hours to submit the payment. After that the price will be doubled. Also, if you don't pay in 7 days, you will not be able to recover your files forever.

How Do I Pay?
Payment is accepted in Bitcoin only. For more information, click
Please check the current price of Bitcoin and buy some bitcoins. For more information, click
And send the correct amount to the address specified in this window.
After your payment, click . Best time to check: 9:00am – 11:00am GMT from Monday to Friday.
Once the payment is checked, you can start decrypting your files immediately.

If you need our assistance, send a message by clicking .
We strongly recommend you to not remove this software, and disable your anti-virus for a while, until you pay and the payment gets processed. If your anti-virus gets updated and removes this software automatically, you will not be able to recover your files even if you pay!

Send $600 worth of bitcoin to this address

The ransom note reminds the one used by the notorious WannaCry virus, which started the ransomware spree back in 2017. Unsurprisingly, the structure of the note is also very similar. More recent malware strains such as Djvu do not include the timer, neither do they claim that the key to the files will be lost after a certain period of time.

However, it seems like the authors of Janelle ransomware try to apply pressure to victims, as ticking time might corner them – this is especially true if the locked data is extremely important. Basically, the attackers are using any means in order to make users pay the demanded $600. Keep in mind, however, that there is no proof that the key will be deleted completely after the time expires.

Janelle ransomware virusRansom note includes two timers that are meant to frighten users and create the pressure to pay

Crooks are also mentioning the fact that using security software might fully corrupt all data, which is also not true, as long as you perform Janelle ransomware removal correctly – it is your first step for recovery. Find all the information needed below. Remember, while paying criminals might seem like the only choice, it is extremely risky, as cybercriminals can never be trusted in general. Besides, it would only encourage them to infect more people.

What to do after being infected?

Ransomware is among the most devastating computer infections. According to the 2021 report, it has seen a rise of 151% in 2021 from the previous year.[2] Corporations are extremely vulnerable to this phenomenon, although home users are also popular targets to cybercriminals. This is why new strains, such as Janelle, emerge (malware does not seem to be connected to any previous malware family).

This is another red flag, however, as cybercriminals might not be experienced enough. For example, the decryption tool might not work or could be infected with other malware. Thus, do not contact the attackers but rather fight the infection. We provide a step-by-step guide below.

1. Remove ransomware

To prevent the ransomware from corrupting your data and remove the infection carefully, you should access Safe Mode and perform a full system scan with SpyHunter 5Combo Cleaner or Malwarebytes anti-malware. Before you do this, disconnect your computer from the internet – you can simply plug out the ethernet cable or disconnect your WiFi via a system tray.

Windows 7 / Vista / XP

  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing the F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list.Windows XP/7

Windows 10 / Windows 8

  1. Right-click on the Start button and select Settings.
  2. Scroll down to pick Update & Security.
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find the Advanced Startup section.
  5. Click Restart now.Recovery
  6. Select Troubleshoot.Choose an option
  7. Go to Advanced options.Advanced options
  8. Select Startup Settings.Startup settings
  9. Click Restart.
  10. Press 5 or click 5) Enable Safe Mode with Networking.Press F5 to enable Safe Mode with Networking

After you remove all malicious files from your system, do not rush to leave it just yet and proceed with the next step.

2. Make backups

If you have backups for your files ready, you can skip this step. The unfortunate truth is that most ransomware victims do not back up their data, ending up losing it after the infection has occurred. This scenario is very unfortunate, especially when files are important – precious photos or work/school documents.

If you are one of those people who do not have backups, you should use an external storage device to copy all the encrypted files over. This would guarantee that the locked data would not get corrupted when trying to restore it using the methods provided below.

Note: to avoid this scenario in the future, make sure you backup your files regularly. You can find more information on how to do that below.

3. Recover your files without paying

As we already mentioned, this ransomware is relatively new, so there has been no proof yet that the attackers can actually provide a working decryptor. Therefore, the risk of losing not only files but also money is quite high. Instead, we recommend using alternative ways to recover files.

One of the most effective things you can try is third-party recovery software.

  • Download Data Recovery Pro.
  • Double-click the installer to launch it.
    Janelle ransomware
  • Follow on-screen instructions to install the software.Install program
  • As soon as you press Finish, you can use the app.
  • Select Everything or pick individual folders where you want the files to be recovered from.
  • Press Next.
  • At the bottom, enable Deep scan and pick which Disks you want to be scanned.Select Deep scan
  • Press Scan and wait till it is complete.
  • You can now pick which folders/files to recover – don't forget you also have the option to search by the file name!
  • Press Recover to retrieve your files.Recover files

Another way to restore .JANELLE files is to wait for a free decryptor from security experts. There are plenty of examples where researchers managed to find bugs[3] within the ransomware code, which allowed them to create a free decryption tool. Alternatively, law enforcement agencies might capture the remote servers controlled by the attackers, which would make all the unique keys available to victims. Here are a few links you can use to look for a decryptor:

Unfortunately, there is also a chance that none of these methods might work for you currently.

4. Repair damaged system

Finally, you should not forget your Windows system, which could be damaged after a malware infection. Once a computer is infected with malware, its system is changed to operate differently. For example, an infection can alter the Windows registry database, damage vital bootup, and other sections, delete or corrupt DLL files, etc. Once a system file is damaged by malware, antivirus software cannot do anything about it, leaving it just the way it is. Consequently, users might experience performance, stability, and usability issues, to the point where a full Windows reinstallation is required.

Therefore, we highly recommend using a one-of-a-kind, patented technology of FortectIntego repair. Not only can it fix virus damage after the infection, but it can also remove malware that has already broken into the system thanks to several engines used by the program. Besides, the application can also fix various Windows-related issues that are not caused by malware infections, for example, Blue Screen errors, freezes, registry errors, damaged DLLs, etc.

  • Download the application by clicking on the link above
  • Click on the ReimageRepair.exe
    Reimage download
  • If User Account Control (UAC) shows up, select Yes
  • Press Install and wait till the program finishes the installation processReimage installation
  • The analysis of your machine will begin immediatelyReimage scan
  • Once complete, check the results – they will be listed in the Summary
  • You can now click on each of the issues and fix them manually
  • If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically.Reimage results

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Janelle virus. Follow these steps

Create data backups to avoid file loss in the future

One of the many countermeasures for home users against ransomware is data backups. Even if your Windows get corrupted, you can reinstall everything from scratch and retrieve files from backups with minimal losses overall. Most importantly, you would not have to pay cybercriminals and risk your money as well.

Therefore, if you have already dealt with a ransomware attack, we strongly advise you to prepare backups for future use. There are two options available to you:

  • Backup on a physical external drive, such as a USB flash drive or external HDD.
  • Use cloud storage services.

The first method is not that convenient, however, as backups need to constantly be updated manually – although it is very reliable. Therefore, we highly advise choosing cloud storage instead – it is easy to set up and efficient to sustain. The problem with it is that storage space is limited unless you want to pay for the subscription.

Using Microsoft OneDrive

OneDrive is a built-in tool that comes with every modern Windows version. By default, you get 5 GB of storage that you can use for free. You can increase that storage space, but for a price. Here's how to setup backups for OneDrive:

  1. Click on the OneDrive icon within your system tray.
  2. Select Help & Settings > Settings.
    Go to OneDrive settings
  3. If you don't see your email under the Account tab, you should click Add an account and proceed with the on-screen instructions to set yourself up.
    Add OneDrive account
  4. Once done, move to the Backup tab and click Manage backup.
    Manage backup
  5. Select Desktop, Documents, and Pictures, or a combination of whichever folders you want to backup.
  6. Press Start backup.
    Pick which folders to sync

After this, all the files that are imported into the above-mentioned folders will be automatically backed for you. If you want to add other folders or files, you have to do that manually. For that, open File Explorer by pressing Win + E on your keyboard, and then click on the OneDrive icon. You should drag and drop folders you want to backup (or you can use Copy/Paste as well).

Using Google Drive

Google Drive is another great solution for free backups. The good news is that you get as much as 15GB for free by choosing this storage. There are also paid versions available, with significantly more storage to choose from.

You can access Google Drive via the web browser or use a desktop app you can download on the official website. If you want your files to be synced automatically, you will have to download the app, however.

  1. Download the Google Drive app installer and click on it.
    Install Google Drive app
  2. Wait a few seconds for it to be installed. Complete installation
  3. Now click the arrow within your system tray – you should see Google Drive icon there, click it once.
    Google Drive Sign in
  4. Click Get Started. Backup and sync
  5. Enter all the required information – your email/phone, and password. Enter email/phone
  6. Now pick what you want to sync and backup. You can click on Choose Folder to add additional folders to the list.
  7. Once done, pick Next. Choose what to sync
  8. Now you can select to sync items to be visible on your computer.
  9. Finally, press Start and wait till the sync is complete. Your files are now being backed up.

Report the incident to your local authorities

Ransomware is a huge business that is highly illegal, and authorities are very involved in catching malware operators. To have increased chances of identifying the culprits, the agencies need information. Therefore, by reporting the crime, you could help with stopping the cybercriminal activities and catching the threat actors. Make sure you include all the possible details, including how did you notice the attack, when it happened, etc. Additionally, providing documents such as ransom notes, examples of encrypted files, or malware executables would also be beneficial.

Law enforcement agencies typically deal with online fraud and cybercrime, although it depends on where you live. Here is the list of local authority groups that handle incidents like ransomware attacks, sorted by country:

Internet Crime Complaint Center IC3

If your country is not listed above, you should contact the local police department or communications center.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Janelle and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Choose a proper web browser and improve your safety with a VPN tool

Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.


Lost your files? Use data recovery software

While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.

To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.

About the author
Lucia Danes
Lucia Danes - Virus researcher

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions