The malware, which is also known as SysJoker, is a type of ransomware that encrypts files on a computer and then demands payment from the user in order to release them. The malware has been attacking computers for over six months, and it is believed to be responsible for causing millions of dollars in damage. SysJoker first appeared in early May and quickly began spreading through email attachments and through websites that distribute pirated software. Once installed on a computer, the malware begins encrypting files on the device. In order to unlock the files, the user is required to pay a ransom fee of between $300 and $600. Although there are some ways to protect oneself from SysJoker, most users are not aware of them. Therefore, it is important that people learn about this type of malware so they can take steps to protect themselves from it. ..
SysJoker was first discovered by security researchers at Intezer, who then published an extremely detailed breakdown of the malware, how damaging it can be, and what it does. If you’re curious about all of the gritty details, I highly suggest reading the report, as it’s quite enlightening.
If you want the short version, we’ll break it down and make it a little easier to digest. Basically, variants are designed to target either Linux, Windows, or MacOS. It creates a series of files and registry commands that eventually allows it to install other malware, run commands on the infected device, or command the backdoor to remove itself.
The steps to get these are a little different depending on the operating system. For example, on Windows, there’s a first-stage dropper in the form of a DLL that doesn’t exist on the other two operating systems. However, regardless of the OS, the end result is more or less the same.
Because this malware has managed to evade antivirus software (for now), you’ll have to check manually to see if any of the created files are there. The folks at Bleeping Computer have a detailed breakdown of where to find the files and what to do if you’re infected.
Basically, if you find the files outlined in the link above, kill all processes related to the malware and manually delete the files. Next, run a memory scanner to see that all files have been uprooted from your computer, and look into possible ways SysJoker could have infected your system to fix security holes.
Now that the backdoor malware has been fully reported and detailed, you can expect antivirus software to get an update that’ll allow them to start detecting SysJoker as it would any other malware. In the meantime, be safe when downloading anything to your computer, regardless of what operating system you’re running.
And let this serve as a reminder that, while necessary, antivirus software won’t completely protect from new threats that emerge, but it’s still worth having a good one installed.
RELATED: What’s the Best Antivirus for Windows 10 and 11? (Is Microsoft Defender Good Enough?)