Juicylemon Ransomware certainly sounds sour, and that is exactly the taste it leaves when it infects your computer. Ransomware is a type of computer infection that delivers a damaging payload and then frightens users into meeting the attackers' demands. This particular application is rather elusive because there is hardly anything left to remove after the payload is dropped. Instead, users need to deal with the encrypted files and restore them without paying the ransom. We encourage you to leave a comment below this description if you have any questions about ransomware or computer security in general.
Unlike most ransomware applications, which are distributed via spam email, Juicylemon Ransomware is dropped by an exploit kit called Angler Exploit. This means that users encounter the distribution vector when they browse the Internet and access corrupted web pages. The exploit might reach you through an annoying pop-up or any other means of “transportation.” The point is that it would be possible to avoid getting infected with this ransomware application if you were to employ safe web browsing habits. Thus, be more attentive when you open unfamiliar websites or get redirected to unknown domains. The infection might be just around the corner.
When Juicylemon Ransomware enters your computer, the program does not lock your screen or change your desktop’s background. Instead, it simply encrypts your files and leaves a .txt file with instructions on how to contact the cyber criminals behind it. On top of that, the program deletes itself the moment your files are encrypted. You will have no problem figuring out which files have been affected by the infection because Juicylemon Ransomware adds an extremely long extension to all the encrypted files: .id-[RANDOM ID]firstname.lastname@example.org_email2_provectus@protonmail.com_BitMessage_BM-NBRCUPTenKgYbLVCAfeVUHVsHFK6Ue2F. There is a lot of information in this extension, so it is worth analyzing each of its pieces.
For starters, the extension has your random infection ID. The ID is necessary in order to contact the criminals and identify the affected machine. Technically, there should be a unique encryption key for every single affected computer, so if you do end up paying the ransom fee, the criminals need to know which decryption key to send out for which computer. Then, there are two email addresses in the extension, and you can see them in the ransom note as well. The extension also has one BitMessage address, which is supposed to be used in order to exchange actual money into BitCoins. BitCoins are commonly used in Internet transactions and by cyber criminals to collect various payments because they offer anonymity.
It is not clear how much the people behind Juicylemon Ransomware want to get from you because you need to contact them first to learn the ransom fee. However, the general idea is that paying the ransom does not guarantee file restoration. Although there are success stories out there, the connection between you and the ransomware’s command and control center may falter the moment you transfer the money, and the criminals will definitely not try to put it back online.
Thus, you should remove all the remaining Juicylemon Ransomware files from your computer and scan your system with a licensed antispyware tool to make sure that there are no other dangerous infections on your PC. As for your files, you should restore them from an external backup. Please go through any online storage you may have, too. Just do not forget to delete all the potential threats before you copy and paste your files back.
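The extension described above is a reliable marker for building a restore list before you copy anything back from backup. The following Python example is added here and is not part of the original article: it walks a folder, finds files carrying the marker, and checks whether a backup folder holds the original of each one. The function names, the sample tree, and the placeholder ID and first contact address are constructed; the text between .id- and _email2_ is kept as one opaque tag because the article does not show how the ID and the first address are separated.

```python
import os
import re
import tempfile
from pathlib import Path

# Marker taken from the extension shown in the article. The text between
# ".id-" and "_email2_" (infection ID plus first contact address) is kept as
# one opaque tag: the article does not show how the two parts are separated.
MARKER = re.compile(
    r"^(?P<original>.+)\.id-(?P<tag>.+?)_email2_provectus@protonmail\.com"
    r"_BitMessage_BM-[A-Za-z0-9]+$"
)

def inventory(root, backup_root):
    """Return one record per encrypted file under root: its original name,
    the opaque tag, and whether backup_root holds a copy to restore from."""
    root, backup_root = Path(root), Path(backup_root)
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            m = MARKER.match(name)
            if not m:
                continue  # file does not carry the ransomware extension
            rel = (Path(dirpath) / m.group("original")).relative_to(root)
            records.append({
                "encrypted": str(Path(dirpath, name).relative_to(root)),
                "original": str(rel),
                "tag": m.group("tag"),
                "in_backup": (backup_root / rel).is_file(),
            })
    return records

def demo():
    """Build a constructed sample tree and run the inventory over it."""
    suffix = (".id-0000000000_contact@placeholder.invalid_email2_"
              "provectus@protonmail.com_BitMessage_BM-PLACEHOLDER")
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (live / "docs" / ("report.docx" + suffix)).write_bytes(b"x")
        (live / "docs" / ("photo.jpg" + suffix)).write_bytes(b"x")
        (live / "docs" / "untouched.txt").write_bytes(b"ok")
        (backup / "docs" / "report.docx").write_bytes(b"good copy")
        return inventory(live, backup)

if __name__ == "__main__":
    for rec in demo():
        print(rec)
```

Records with in_backup set to False are the files that no backup covers, so they are the ones to look for in other storage before the encrypted copies are deleted.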