JCry Ransomware Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 687
Category: Trojans

JCry Ransomware could have caused a lot of trouble to lots of users from Israel if only its creators’ plan on distributing it was successful. Fortunately, it all fell apart, and the file-encrypting application did not infect any devices. If you have not heard about this incident yet, you should continue reading our article and learn about it. That is because the malware works like it is supposed to, which means what is left to do is find a different way to deliver it to targeted victims. Additionally, we will place instructions showing how to erase JCry Ransomware manually. However, keep in mind the steps might not work if the hackers change anything about the malicious application’s effective manner. Thus, the safest option would be to leave this task to a reliable security tool of your choice. If you have any questions about the threat or its removal, you can leave us a comment at the end of the article too.

JCry Ransomware was supposed to be distributed via particular sites that the hackers were able to make run their script. According to their plan, the affected sites would have displayed fake notifications saying the user’s Adobe Flash Player is out of date. Needless to say, the alert provided a button to download the update, which in reality would have downloaded and installed the malicious application.

Nevertheless, the hackers made a mistake while creating the script, which is why instead of the fake notification the affected websites displayed a different message. It had only one sentence that said: “Jerusalem is the capital of Palestine #OpJerusalem.” This is why some call the attack #OpJerusalem. Other than exploiting various vulnerabilities, threats like JCry Ransomware can be spread with Spam emails, malicious software installers, and so on. Therefore, it is essential to watch out for suspicious content just the same as keep your software up to date and have a reliable antimalware tool to guard the computer.

To settle in the malware should create the files listed in the deletion instructions available below. On the other hand, some of its created files erase themselves soon after being created, such as Enc.exe and msg.vbs, so you will not see them mentioned in the steps. Eventually, JCry Ransomware should start encrypting various photos, pictures, videos, and other valuable files located on the user’s computer. All files that get locked should receive the .JCry extension (e.g., document.docx.JCry). The last thing this malicious application ought to do is open a ransom note explaining how to pay a ransom in order to receive a unique decryption key. It is the only thing that can restore encrypted files and knowing it the hackers hoped they would be able to extort money from victims who could be willing to pay for it. We always recommend against paying the ransom, because there is always a chance the victim could get scammed.

Usually, we advise users who do not want to pay the ransom to eliminate the malware. As you can see the instructions located at the end of this paragraph show how to get rid of JCry Ransomware manually. The task may not seem challenging, but in case the malicious application gains new functions or is changed anyhow, the given steps might not work anymore. Considering the hackers failed to distribute it, there is a possibility they could update it before trying to release it again. This is why, it might be safest to use a reliable antimalware tool of your choice.

Eliminate JCry Ransomware

  1. Tap Ctrl+Alt+Delete.
  2. Pick Task Manager.
  3. Select the Processes tab.
  4. Look for a process associated with the malware.
  5. Select the process and click End Task.
  6. Leave Task Manager.
  7. Tap Win+E.
  8. Go to these locations:
  9. Find the malicious file (e.g., flashplayer_install.exe) opened before the system got infected, right-click it and select Delete.
  10. Then navigate to this location: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
  11. Search for files titled Dec.exe and PersonalKey.txt, right-click them separately and select Delete.
  12. Close File Explorer.
  13. Empty Recycle Bin.
  14. Restart the computer.
Download Remover for JCry Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

JCry Ransomware Screenshots:

JCry Ransomware
JCry Ransomware


Your email address will not be published.


Enter the numbers in the box to the right *