Infected with JoeGo Ransomware? Need to decrypt your files?

What is JoeGo Ransomware

Today, we will examine in detail the JoeGo cryptovirus that has spread almost throughout the world in recent weeks. This is a cryptovirus that encrypts user data using an AES algorithm that makes files unsuitable for further use. Also, this changes the file extension to .LOCKED. Below we have placed the image and the contents of the note file precist.html, which contains information about encryption.

JoeGo Ransomware

Tvé soubory byly zašifrovány!
----------------
Zbývájici čas
95:53:03
----------------
Co se stalo s mými soubory?
Tvé dokumenty, fotografie, hudba, filmy a mnoho dalších souborů bylo zašifrováno.
Kliknutím na tlačítko "Zobrazit seznam zašifrovaných souborů" si můžeš prohlédnout soubory, které jsem ti nechal zašifrovat. Tyto soubory mohou být obnoveny pouze tehdy, pokud dodržíš níže uvedený postup.
[Zobrazit seznam zašifrovaných souborů]
Jak lze obnovit mé soubory?
Tvá data byla zašifrována unikátním klíčem pomocí silného šifrovacího algoritmu AES. Tento unikátní klíč byl zašifrován pomocí veřejného klíče algoritmem RSA a následně byl uložen na tvém počítači. K dešifrování tvých souborů budeš potřebovat privátní klíč. Tento privátní klíč je uložen na našem serveru. Privátní klíč jsem ti bude poskytnut po zaplacení finančního poplatku. Na uhrazení poplatku máš 96 hodin od zašifrování dat. Pokud lhůtu na uhrazení poplatku nedodržíš, bude privátní klíč na serveru smazán. Nikdo pak nebude moct tvá data dešifrovat, přijdeš o ně natrvalo.
Jak mám dále postupovat?
Tvé unikátní ID je 332845.
Částku v hodnotě 0.05 BTC převeď pomocí platební brány, která je uvedená níže.
Poté postačí chvíli počkat, dešifrování tvých souborů proběhne automaticky po obdržení požadované částky.
[Přejít na platební bránu.]

English:
What happened to my files?
Your documents, photos, music, movies and many other files have been encrypted.
By clicking the "View list of encrypted files" button, you can view the files that I encrypted to you. These files can only be recovered if you follow the procedure below.
[View a list of encrypted files]
How can I recover my files?
Your data has been encrypted with a unique key using the powerful AES encryption algorithm. This unique key was encrypted using a public key using the RSA algorithm and then stored on your computer. You will need a private key to decrypt your files. This private key is stored on our server. I will give you the private key after paying the financial fee. You have 96 hours of data encryption for payment. If you fail to pay the fee, the private key on the server will be deleted. Then nobody can decrypt your data, you will lose them forever.
How do i proceed?
Your unique ID is 332845.
Transfer the amount of 0.05 BTC using the payment gateway specified below.
Then just wait a while, your files will be decrypted automatically after receiving the required amount.
[Go to payment gateway.]

The note is written in Czech language, from which it can be concluded that the developers are from the Czech Republic. Fraudsters demand a ransom of 0.05 bitcoins to get their files back, but there is no guarantee that the attackers will actually do it. Do not pay them! Check out our recommendations to remove JoeGo and decrypt your files.

Update: Use following service to identify the version and type of ransomware you were attacked by: ID Ransomware. If you want to decrypt your files, please follow our instruction below or, if you have any difficulties, please contact us: submit@securitystronghold.com. We really can help to decrypt your files.

How JoeGo Ransomware infected your PC

JoeGo comes through unprotected network settings. This happens because users rarely use antiviruses and other paid software that can actually protect the system. If JoeGo has already arrived and encrypted your files, then use our instructions to remove it and decrypt the files.

First of all, don’t panic. Follow these easy steps below.

1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will JoeGo Ransomware system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the JoeGo Ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.

Recommended Solution:

Wipersoft – fully removes all instances of JoeGo Ransomware – files, folders, registry keys.

 

Download Norton

You may find more detailed information about antivirus products in our article – Top 5 Antivirus Software for Windows

Restore your files using shadow copies

stellar-data-recovery

  1. Download and run Stellar Data Recovery.
  2. Select type of files you want to restore and click Next.
  3. Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
  4. Once the scanning process is done, click Recover to restore your files.
Download Stellar Data Recovery

Step 2: Remove following files and folders of JoeGo Ransomware:

Related connections or other entries:

No information

Related files:

No information

How to decrypt files infected by JoeGo Ransomware?

You can try to use manual methods to restore and decrypt your files.

Decrypt files manually

Restore the system using System Restore

system restore

Although latest versions of JoeGo Ransomware remove system restore files, this method may help you partially restore your files. Give it a try and use standard System Restore to revive your data.

  1. Initiate the search for ‘system restore
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Roll the files back to the previous version

Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged. This feature is available in Windows 7 and later versions.

windows previous versions

  1. Right-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore

Written by Rami Duafi

Leave a Reply

Your email address will not be published. Required fields are marked *