JiangLocker ransomware (virus) - Free Guide
JiangLocker virus Removal Guide
What is JiangLocker ransomware?
JiangLocker ransomware holds files hostage, demanding a ransom in exchange for a decryption tool
JiangLocker is a malicious program that locks files and demands ransom in return for a decryptor
The JiangLocker computer virus locks all data on both local and networked drives in order to have a pretense of money extortion. Most frequently, users install ransomware unintentionally when they open a spam email attachment or when they download a malicious file that masquerades as a cracked application. More sophisticated delivery methods, such as drive-by downloads, may also be used sometimes.
As soon as the virus is installed on Windows, it searches for documents, pictures, and other files to encrypt. In just a brief few moments, users would find their data inaccessible, and each of the files would be appended with a .jiang extension, making them lose their original icons as well.
Soon after that, JiangLocker ransomware would deliver a read.ini ransom note, which broadly explains to users what has happened to their files. In addition, a pop-up window would also show up and would include identical text to the one found in the text file. According to the message, users should transfer 0.05 BTC to1PdLyXQb2LpApw3e8DLLRu6vWyWLibaXtJ crypto-wallet (these parameters may vary from user to user) and then use a special button within the pop-up window to recover access to their files. Please ignore these requests and check the info below for a better solution.
|Type||Ransomware, file-locking malware, cryptovirus|
|Ransom note||read.ini, “JiangLocker” pop-up window|
|Data Recovery||Data recovery is nearly impossible if backups are not available. However, we advise you to try the alternate approaches listed below, which could be helpful to you in some circumstances|
|Malware removal||Manual virus removal is not recommended, as it might be difficult for regular users. Instead, SpyHunter 5Combo Cleaner or other anti-malware tools should be used|
|System fix||Malware can seriously impact a Windows computer's performance and stability after it is removed. We recommend scanning the system with RestoroIntego to remedy it and avoid significant stability issues|
Questionable payment methods and decryptor retrieval
Cybercriminals are well aware of the new trends within their illegal line of business and constantly try new tricks to make victims pay ransoms. For example, attacks on corporate entities and organizations manifested as not only files being held hostage but also sensitive data being stolen from local networks. Crooks then have a pretense of blackmailing them, as they threaten to release this information to the public, which can cause tremendous damage.
When it comes to ransomware which attacks regular computer users, hackers are well aware that most of them don't make proper data backups, abusing this fact to their favor. JiangLocker ransomware authors came up with a small program that would launch as soon as the virus finalizes the data locking process – it should make the payment process easier. Within the pop-up and the ransom note, read.ini lays the following information:
What Happened to My Computer?
Your important files are encrypted.
Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are
busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.
Can I Recover My Files?
Sure. We guarantee that you can recover all your files safely and easily. But you have not so enough time.
If you want to decrypt all your files, you need to pay.
How Do I Pay?
Payment is accepted in Bitcoin only. For more information, click .
Please check the current price of Bitcoin and buy some bitcoins. For more information, click .
And send the correct amount to the address specified in this window.
After your payment, click button.
Once the payment is checked, you can start decrypting your files immediately. it may take a few hours.
We strongly recommend you to not remove this software, and disable your anti-virus for a while, until you pay and the payment gets processed. If your anti-virus gets updated and removes this software automatically, it will not be able to recover your files even if you pay!
1. To pay us, you have to use Bitcoin currency. You can easily buy Bitcoins at following sites:
2. After then, if you already have Bitcoins, pay our Bitcoin address.
3. Then, press the “Check Payment & Decrypt all Files” button. We will automatically decrypt your files, after bitcoin transfer.
Send 0.05 BTC to;
Contrary to what they may imply, it is not advisable to contact cybercriminals. The main goal of criminals is to appear approachable and friendly in order to increase the likelihood that victims would pay. This is a grievous mistake, though, since there have been countless instances when victims have paid attackers and yet not gotten the promised decryptor. Besides, there is no guarantee that the setup process of automatic decryption would work in the first place.
JiangLocker delivered ransom note
How to remove JiangLocker ransomware and recover files?
Many users who get infected with ransomware are shocked as soon as they realize that their files seem to be corrupted and unusable. While ransomware infection can be truly devastating, panicking would not solve the situation, and if you want to have at least a small chance of retrieving at least some of your files, you should perform remediation steps in the right order. Below you will find all you need to do just that.
1. Disconnect from the network
During the infection phase, ransomware often creates a link to a remote server known as Command & Control or C2 via the internet. This enables the attackers to carry out a variety of nefarious deeds, including upgrading malware or sending more commands. Therefore, you should isolate your computer from the network as follows before starting the JiangLocker ransomware removal process:
- Type in Control Panel in Windows search and press Enter
- Go to Network and Internet
- Click Network and Sharing Center
- On the left, pick Change adapter settings
- Right-click on your connection (for example, Ethernet), and select Disable
- Confirm with Yes.
2. Remove the infection
It is safe to start the ransomware eradication procedure once the infected machine has been disconnected from the network. It is well known that certain viruses of the ransomware family self-delete after the encryption process is complete, but this variant may not.
Malware can leave remnants of code in the background to continue performing other malicious activities, such as personal data theft or installation of additional payloads when the network connection is reimbursed. Ransomware is frequently found together with other malware, thus, there may be many infections on the system that need to be eradicated as well.
The only way to find out if this is true is by scanning the system with SpyHunter 5Combo Cleaner, Malwarebytes, or another trustworthy anti-malware program. Security software can swiftly and effectively identify all harmful files and remove them. Besides, keeping an up-to-date anti-malware running on your system can save you from
3. Fix damaged system components
We advise repairing the operating system harm caused by ransomware. After entering the system, malware has the ability to change and damage certain components, which might subsequently cause system errors, crashes, or BSODs. You may use the following potent PC repair tool to remedy that:
- Download RestoroIntego
- Click on the ReimageRepair.exe
- If User Account Control (UAC) shows up, select Yes
- Press Install and wait till the program finishes the installation process
- The analysis of your machine will begin immediately
- Once complete, check the results – they will be listed in the Summary
- You can now click on each of the issues and fix them manually
- If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically.
4. Restore your files without paying
Although the FBI and security professionals strongly advise against paying ransoms or even getting in touch with cybercriminals, the decision is always up to the victim. But keep in mind that by paying the ransom, you're merely encouraging the attackers to produce more malware and infect other people – it's just evidence that the illegal business is profitable. The only way to fully prevent the devastating consequences of a ransomware attack is by keeping secure data backups – it can be done via reliable services such as Google Drive or OneDrive – we provide instructions for this below.
As for now, you should concentrate on restoring .Jiang files to their original form, where they could be opened and used once again. Before proceeding, make sure you copy all the encrypted files on your system onto a different medium, such as a USB flash drive or cloud service. Otherwise, files may be permanently corrupted, and even a working decryptor would no longer work.
Getting rid of JiangLocker virus. Follow these steps
Restore files using data recovery software
Since many users do not prepare proper data backups prior to being attacked by ransomware, they might often lose access to their files permanently. Paying criminals is also very risky, as they might not fulfill the promises and never send back the required decryption tool.
While this might sound terrible, not all is lost – data recovery software might be able to help you in some situations (it highly depends on the encryption algorithm used, whether ransomware managed to complete the programmed tasks, etc.). Since there are thousands of different ransomware strains, it is immediately impossible to tell whether third-party software will work for you.
Therefore, we suggest trying regardless of which ransomware attacked your computer. Before you begin, several pointers are important while dealing with this situation:
- Since the encrypted data on your computer might permanently be damaged by security or data recovery software, you should first make backups of it – use a USB flash drive or another storage.
- Only attempt to recover your files using this method after you perform a scan with anti-malware software.
Install data recovery software
- Download Data Recovery Pro.
- Double-click the installer to launch it.
- Follow on-screen instructions to install the software.
- As soon as you press Finish, you can use the app.
- Select Everything or pick individual folders where you want the files to be recovered from.
- Press Next.
- At the bottom, enable Deep scan and pick which Disks you want to be scanned.
- Press Scan and wait till it is complete.
- You can now pick which folders/files to recover – don't forget you also have the option to search by the file name!
- Press Recover to retrieve your files.
Find a working decryptor for your files
File encryption is a process that is similar to applying a password to a particular file or folder. However, from a technical point of view, encryption is fundamentally different due to its complexity. By using encryption, threat actors use a unique set of alphanumeric characters as a password that can not easily be deciphered if the process is performed correctly.
There are several algorithms that can be used to lock data (whether for good or bad reasons); for example, AES uses the symmetric method of encryption, meaning that the key used to lock and unlock files is the same. Unfortunately, it is only accessible to the attackers who hold it on a remote server – they ask for a payment in exchange for it. This simple principle is what allows ransomware authors to prosper in this illegal business.
While many high-profile ransomware strains such as Djvu or Dharma use immaculate encryption methods, there are plenty of failures that can be observed within the code of some novice malware developers. For example, the keys could be stored locally, which would allow users to regain access to their files without paying. In some cases, ransomware does not even encrypt files due to bugs, although victims might believe the opposite due to the ransom note that shows up right after the infection and data encryption is completed.
Therefore, regardless of which crypto-malware affects your files, you should try to find the relevant decryptor if such exists. Security researchers are in a constant battle against cybercriminals. In some cases, they manage to create a working decryption tool that would allow victims to recover files for free.
Once you have identified which ransomware you are affected by, you should check the following links for a decryptor:
- No More Ransom Project
- Free Ransomware Decryptors by Kaspersky
- Free Ransomware Decryption Tools from Emsisoft
- Avast decryptors
If you can't find a decryptor that works for you, you should try the alternative methods we list below. Additionally, it is worth mentioning that it sometimes takes years for a working decryption tool to be developed, so there are always hopes for the future.
Create data backups to avoid file loss in the future
One of the many countermeasures for home users against ransomware is data backups. Even if your Windows get corrupted, you can reinstall everything from scratch and retrieve files from backups with minimal losses overall. Most importantly, you would not have to pay cybercriminals and risk your money as well.
Therefore, if you have already dealt with a ransomware attack, we strongly advise you to prepare backups for future use. There are two options available to you:
- Backup on a physical external drive, such as a USB flash drive or external HDD.
- Use cloud storage services.
The first method is not that convenient, however, as backups need to constantly be updated manually – although it is very reliable. Therefore, we highly advise choosing cloud storage instead – it is easy to set up and efficient to sustain. The problem with it is that storage space is limited unless you want to pay for the subscription.
Using Microsoft OneDrive
OneDrive is a built-in tool that comes with every modern Windows version. By default, you get 5 GB of storage that you can use for free. You can increase that storage space, but for a price. Here's how to setup backups for OneDrive:
- Click on the OneDrive icon within your system tray.
- Select Help & Settings > Settings.
- If you don't see your email under the Account tab, you should click Add an account and proceed with the on-screen instructions to set yourself up.
- Once done, move to the Backup tab and click Manage backup.
- Select Desktop, Documents, and Pictures, or a combination of whichever folders you want to backup.
- Press Start backup.
After this, all the files that are imported into the above-mentioned folders will be automatically backed for you. If you want to add other folders or files, you have to do that manually. For that, open File Explorer by pressing Win + E on your keyboard, and then click on the OneDrive icon. You should drag and drop folders you want to backup (or you can use Copy/Paste as well).
Using Google Drive
Google Drive is another great solution for free backups. The good news is that you get as much as 15GB for free by choosing this storage. There are also paid versions available, with significantly more storage to choose from.
You can access Google Drive via the web browser or use a desktop app you can download on the official website. If you want your files to be synced automatically, you will have to download the app, however.
- Download the Google Drive app installer and click on it.
- Wait a few seconds for it to be installed.
- Now click the arrow within your system tray – you should see Google Drive icon there, click it once.
- Click Get Started.
- Enter all the required information – your email/phone, and password.
- Now pick what you want to sync and backup. You can click on Choose Folder to add additional folders to the list.
- Once done, pick Next.
- Now you can select to sync items to be visible on your computer.
- Finally, press Start and wait till the sync is complete. Your files are now being backed up.
Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from JiangLocker and other ransomwares, use a reputable anti-spyware, such as RestoroIntego, SpyHunter 5Combo Cleaner or Malwarebytes
How to prevent from getting ransomware
Access your website securely from any location
When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.
If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.
Recover files after data-affecting malware attacks
While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.
Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection.
- ^ Danny Palmer. Ransomware warning: Now attacks are stealing data as well as encrypting it. ZDNet. News and Advice on the World's Latest Innovations.
- ^ Command and Control server (C&C). Kaspersky. Encyclopedia.
- ^ Blue Screen of Death (BSoD). Techopedia. Professional IT insight.