Jest ransomware

Jest ransomware takes advantage of unprotected RDP servers to attack host PCs and demand Bitcoins in exchange for a decryption key

Jest ransomware lock screen

Jest ransomware lock screen

Jest ransomware is yet another deadly dangerous cyber infection, which once installed attacks files on a host machine and locks them with a .jest file extension. Although detected on April 1st, 2020, the news about multiple victims all around the world appears not to be an April Fool’s joke. Stemming from FunFact ransomware, the Jest virus actively spreads as a .zip and .exe spam attachment, malicious downloads of pirated software, and unprotected RDP servers. Upon infiltration, it compromises the system’s boot files, registry entries, and activates RSA cipher to encrypt files, such as pictures, videos, documents, databases, stored on a host machine. Subsequently, each locked file gets an appendix .jest and cannot be renamed, opened, moved or otherwise used. The victim is informed about an attack via a ransom note called “Note.ini,” which instructs a victim to transfer 0.3 BTC (currently over $2,000).

The criminals behind Jest ransomware seek to earn 0.3 BTC, which is not a huge ransom if compared to crypto-malware like RagnarLocker. Anyway, paying more than $2,000 for criminals is a huge loss, especially for files and data that belongs to you. To “facilitate” the process of payment, criminals provide links to the Bitcoin purchase websites and explanation on how and where the transfer has to be done.

Name Jest
Family FunFact ransomware
Encryption Jest ransomware uses RSA encryption – an asymmetric cryptographic algorithm, which generates a Private Key to lock personal files on a host PC with a .jest file extension
Ransom note The ransomware changes PC’s background image, creates a note.ini file on the desktop and scheduled task to display a pop-up called “Unlock manager” 
Payment Criminals behind the ransomware are not too demanding: the ransom they require is equal to 0.3 BTC (more than $2.000)

Crooks leverage various techniques to distribute malware like Jest. Most of the infections start on Outlook or other e-mail accounts when people open malicious attachments. Furthermore, files may get locked after getting a dangerous infection via a hacked RDP, software cracks, infected hyperlinks, fake software updates, and similar


As soon as you notice ransomware virus on the system, take immediate action to remove it once and for all. One and only way to root out the malicious ransomware is to run a full system scan with a professional anti-malware tool while booted in Safe Mode with Networking

 Fix virus damage Ransomware initiates multiple compromisation activities against a host machine. Consequently, it may encounter errors, BSOD, load problems, and so on. To fix such and similar damage, use Reimage Reimage Cleaner Integoutility

Once Jest ransomware payload is launched, the virus drops an executable file, which starts an attack in the background, and later Windows Registry to activate malicious registry keys. Consequently, the virus ensures that it will be booted along with the PC’s activation. The malicious executable file, at the same time, launches the encryption software and targets personal files stored on the machine. Finally, when the files are encrypted by .jest file extension and other background processes are done, the ransomware replaces desktop’s background image “YOUR FILES HAVE BEEN ENCRYPTED” and generates a scheduled popup window Unlock Manager. The later, just like a txt form ransom note, provides instructions on how to pay the redeem for a personal decryption key. Besides, it displays a countdown clock, which gives the victim 24 hours to contact with the criminals. 

What Happened to My Computer?
Your important files are encrypted.
Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are
busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.

Can I Recover My Files?
Sure. We guarantee that you can recover all your files safely and easily. But you have not so enough time.
If you want to decrypt all your files, you need to pay.

How Do I Pay?
Payment is accepted in Bitcoin only. For more information, click .
Please check the current price of Bitcoin and buy some bitcoins. For more information, click .
And send the correct amount to the address specified in this window.
After your payment, click .
Once the payment is checked, you can start decrypting your files immediately.

We strongly recommend you to not remove this software, and disable your anti-virus for a while, until you pay and the payment gets processed. If
your anti-virus gets updated and removes this software automatically, it will not be able to recover your files even if you pay!

1. To pay us, you have to use Bitcoin currency. You can easily buy Bitcoins at following sites:
2. After then, if you already have Bitcoins, pay us 0.3 BTC on following our Bitcoin address.

3. Then, press the “Check Payment” button. We will automatically decrypt your files, after bitcoin transfer.
Send 0.3 BTC to;

If you are under attack at the moment, you have two options, i.e. to purchase Bitcoins and send them to criminals or remove Jest ransomware and try to recover your files using alternative solutions. Windows Volume Shadow Copies[1] won’t help in this case, as the ransomware is programmed to remove all the copies. However, Data Recovery Pro and Previous Windows copies may do the trick. Even more, if you have the backups of the most valuable files, do not even consider paying the ransom at all. 

Jest ransomware countdown
The ransomware locks files with .jest extension and urges victims to purchase a decryption key within 24 hours

Jest ransomware countdown
The ransomware locks files with .jest extension and urges victims to purchase a decryption key within 24 hours

One may think that ransomware removal is a task for tech-savvy ones. In fact, the success of the Jest removal depends much on the AV software that you are using. According to VirusTotal[2], 56 out of 71 AV engines are capable of detecting and removing this threat. Therefore, if you have a professional Antivirus program, launch its scanner and wait for it to report a successful removal of Win32: Malware-gen, Gen:NN.ZevbaF.34106.@pKfaOo2H3oO, Win32/Filecoder.OBM, Trojan.Win32.DelShad.cxv, Gen:Heur.Ransom.Imps.1, or similar malware. 

Typical ways of ransomware propagation

IT experts from and other partners do not exaggerate admonishing how dangerous it is to open email messages from unrecognized senders. Email spam campaigns[3] are extremely common, so if your email address has been leaked many times, you may receive tens of dangerous messages imitating DHL, FedEx, Federal Income Tax Treatment, or other authorities. More elaborate scam campaigns can disguise under chief executive personas’ from Red Cross, Facebook, and similar. 

Jest ransom note
Jest ransomware creates a ransom note with a full guide on how to make the payment

Jest ransom note
Jest ransomware creates a ransom note with a full guide on how to make the payment

Usually, these messages are well-prepared. However, some grammar, typo mistakes or formatting are left suspicious. Therefore, do not open the attachments if you were not waiting for a specific document from a known person. If you have any doubts, reply to the sender and double-check if the attachment is safe to open. The bot will never answer your question. 

Aside from spam, ransomware can be deployed via software cracks on peer-to-peer networks, hacked RDP servers, malicious ad campaigns, software updates, and similar media. Ransomware can hardly be injected into well-protected websites or reputable downloads, though there may be exclusions. Therefore, you must not visit dangerous websites, avoid downloading software recklessly and stay away from intriguing ads. Besides, protect your machine with a reliable AV engine that has an in-built real-time protection feature. 

Comprehensive Jest ransomware removal instructions and data recovery tips

Do not wait long considering pay the ransom or not. The longer you hesitate, the more files you may lose. Once you detect your files encrypted, launch an antivirus scanner and remove Jest ransomware immediately. 

In most of the cases, ransomware viruses block AV engines. That’s a common practice, so don’t fall for panic. Jest removal will definitely be successful if you boot Windows into Safe Mode with Networking. After that, launch SpyHunter 5Combo Cleaner or Malwarebytes and let the program do its job. After that, you should fix affected computer areas with the help of a professional repair tool, such as Reimage Reimage Cleaner Intego

Finally, the corrupted files should still have the .jest extension. If you have backups, then remove the useless files and use the copies. If there are no backups, we will give you a couple of useful tips on how to recover files encrypted by .jest. If neither of them helps, you may need to contact a professional IT-expert to crack the encryption algorithm down. 

Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.

This entry was posted on 2020-04-20 at 08:19 and is filed under Ransomware, Viruses.