Jager Ransomware Removal Guide

Threat Level: 9/10
Category: Trojans

A new Trojan-type infection called Jager Ransomware took the Internet by storm and infected the computers of hundreds if not thousands of innocent people. This ransomware has a clear objective: to encrypt the files on your PC’s hard drive and demand that you pay a ransom for the decryption key. You should not pay the ransom, because the cyber crooks might not send you the key. We recommend that you remove the ransomware from your computer as soon as possible, because it might encrypt every new file you add to the machine. This infection targets vulnerable, unprotected users who do not use antimalware software. Let us begin with its distribution methods.

Since this ransomware is relatively new, we have yet to discover all of its distribution methods. Nevertheless, we suspect that it is currently being distributed with the help of infected websites that use an embedded exploit tool that drops the malicious files when you interact with JavaScript or Flash-based content. Furthermore, it is entirely possible that this particular ransomware is also being distributed with the help of email spam disguised as legitimate invoices, receipts or business-related correspondence that contains an attachment. As you might have guessed, this attachment either carries a file that downloads the ransomware when run or already contains the main executable. The channels that can be used to distribute this ransomware are plentiful and are not limited to the examples that we have presented.

Malicious applications such as Jager Ransomware are usually set to encrypt files using some cipher, lock the screen or do both. However, this particular ransomware only encrypts files. We have found that it uses AES-256 and RSA-2048 encryption to render your files inaccessible. It generates a new AES-256 encryption key for each file that it encrypts. This AES key is then encrypted with the RSA key and appended to the end of the file along with the AES IV and other information, so recovering any file's AES key requires the matching RSA private key. This encryption method is difficult to crack, and it will take time for malware researchers to come up with a way to break this encryption and develop a key that can decrypt the files.

Jager Ransomware is configured to encrypt files in all locations except the Application Data, AppData, Program Files (x86), Program Files, Temp, $Recycle.Bin, System Volume Information, Boot, Windows, and ProgramData folders. The list of files it can encrypt is also extensive and includes more than a hundred file formats. Therefore, this infection can turn all of your most cherished files into unreadable data. For example, this ransomware can encrypt, without limitation, .3DM, .3DS, .3G2, .3GP, .7Z, .ACCDB, .PPSX, .PPT, .PPTM, and .PPTX files, and so on. Without a doubt, this ransomware is dangerous, as it can cause major damage to your files, but it leaves some folders unaffected so that the OS keeps running correctly and you can contact the cyber criminals.

This ransomware drops a ransom note called Important_Read_Me.html on the desktop and probably in most of the folders where a file has been encrypted. This ransom note contains an email address to which you have to send an email to get further instructions on how to pay the ransom. The cyber crooks offer to decrypt one file of up to 200 KB as proof that they can decrypt all of your files. Now, they may prove to you that they can decrypt your files, but delivering the full decryption key to you is another story. Our research has revealed that Jager Ransomware drops its executable file named Videoplugin.exe in %APPDATA%\Drive Manager Support. You can delete this file and rid your computer of this infection completely.

In closing, we want to stress that there is no evidence to suggest that the cyber criminals will keep their end of the bargain and give you the decryption key needed to get your files back. They may gain your trust by returning one small decrypted file, but that does not guarantee anything. If you want to remove Jager Ransomware, then please follow the instructions provided below or use SpyHunter, our featured antimalware tool that will eradicate this and any other infection with ease. Leave us a question or a comment in the comments section below and we will get back to you as soon as we can.

How to delete Jager Ransomware

  1. Press the Windows+E keys.
  2. Enter %APPDATA%\Drive Manager Support in the File Explorer’s address box.
  3. Locate Videoplugin.exe, right-click it and click Delete.
  4. Empty the Recycle Bin.
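
The same check can be run from PowerShell. The script below is an added example, not part of the original guide or of any vendor tool: it looks for the executable and ransom note named in this article, records the executable's SHA-256 before deleting it, and lists the folders that contain ransom notes while skipping the folders the ransomware itself excludes. The -Remove switch, the $SearchRoot parameter, the Find-RansomNote helper and the report layout are this example's own choices.

```powershell
# Added example: sweep for the two artifacts named in this guide.
# Assumptions: run in the affected user's session; $SearchRoot, -Remove and the
# report layout are this example's choices, not anything defined by the malware.
param(
    [string]$SearchRoot = $env:USERPROFILE,
    [switch]$Remove          # without -Remove the script only reports
)

$exePath  = Join-Path $env:APPDATA 'Drive Manager Support\Videoplugin.exe'
$noteName = 'Important_Read_Me.html'
# Folders the article says the ransomware skips; no need to search them for notes.
$skipped  = 'Application Data','AppData','Program Files (x86)','Program Files','Temp',
            '$Recycle.Bin','System Volume Information','Boot','Windows','ProgramData'

function Find-RansomNote([string]$Dir) {
    # Recursive walk that prunes skipped folder names and junctions up front.
    Get-ChildItem -LiteralPath $Dir -Filter $noteName -File -Force -ErrorAction SilentlyContinue
    Get-ChildItem -LiteralPath $Dir -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $skipped -notcontains $_.Name -and
                       -not ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) } |
        ForEach-Object { Find-RansomNote $_.FullName }
}

$report = [ordered]@{ Executable = $null; Notes = @() }

if (Test-Path -LiteralPath $exePath -PathType Leaf) {
    $file = Get-Item -LiteralPath $exePath -Force
    # Record hash and timestamp first so the sample can still be identified after deletion.
    $report.Executable = [pscustomobject]@{
        Path    = $file.FullName
        SHA256  = (Get-FileHash -LiteralPath $exePath -Algorithm SHA256).Hash
        Created = $file.CreationTimeUtc
    }
    if ($Remove) {
        # A running copy keeps the file locked, so stop it before deleting.
        Get-Process -Name 'Videoplugin' -ErrorAction SilentlyContinue |
            Where-Object { $_.Path -eq $file.FullName } | Stop-Process -Force
        Remove-Item -LiteralPath $exePath -Force
    }
}

# Each note marks a folder where files were encrypted and will need restoring.
$report.Notes = @(Find-RansomNote $SearchRoot | Select-Object FullName, CreationTimeUtc)

$report.Executable | Format-List
$report.Notes | Sort-Object CreationTimeUtc | Format-Table -AutoSize
```

Run it once without -Remove to review the findings, then again with -Remove to delete the executable; Remove-Item deletes the file directly rather than sending it to the Recycle Bin.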