Issue: How to Recover Files Encrypted by Jokers House Ransomware?
At first, I thought that it’s a joke initiated by one of my colleagues, but then I found all my files locked and appended with a .Contact_TarineOZA@Gmail.com file extension. My work PC has been infected by Jokers House ransomware, and now I’m panicking. I had lots of important docs on that PC, and I need them back ASAP. I don’t even imagine how the virus got into the system, but I really need your help, guys!
At the end of April, the desktop background of many computers have been replaced by a creepy joker face and warning that all personal files stored on the system have been encrypted. Unfortunately, this is not a joke. It’s a Jokers House ransomware that is actively circulating on the Internet as a .zip attachment of spam or “additional” file of some rogue software and infecting random computers. It features many similar traits with Jigsaw virus and is considered to be its newest version. When the malicious file infected with Jokers House virus is executed, the virus roots deeply into the operating system and encrypts all personal files (photos, videos, documents, etc.) using AES algorithm. Consequently, all locked files get the .Contact_TarineOZA@Gmail.com file extension. Also, the desktop background of the infected computer is replaced by Joker image and the ransom note, which says:
I see you have received your free ticket I sent. Let me explain the rules: Your PC’s files are in the encryption asylum. Your photos, videos, documents, etc… These files will be deleted in 24 hrs! This Occurs only if you don’t comply. However I’ve already encrypted your personal files, you may not access them. Every hour some of these files will be deleted permanently, after that I won’t be able to access them myself. All it takes is just one bad day! Let me advise further! Every hour you hesitate to complete payment the amount of deleted files will increase in rate, during the first 3hrs you will only lose, a few next 6 a few hundred, tomorrow everything WILL BE GONE. If you turn off your computer of try to close me, I will come back, you then get 1000 files deleted as a punishment. I am required to be restarted to decrypt your files after payment gas been received. So, can you see the funny side? Why are you not laughing?
The victim is asked to contact the criminals via TarineOZA@gmail.com email address immediately if he/she wants to restore all personal files. Indeed, hackers are not going to decrypt files for free. The Jokers House ransomware victim is urged to pay $100 ransom and transfer it via Bitcoin. To create the impression of immediateness, hackers intimidate people that every hour of not paying up will cost some of the files, which will be permanently deleted. Unfortunately, it’s not clear yet if these intimidations are not simple phrases just like the promises to decrypt all files once the ransom is paid. Security experts highly DO NOT recommend having any contact with the hackers that manage Jokers House virus. It is advisable to remove the virus ASAP and then try to recover the encrypted files from the backups or use one of the methods provided below. Paying the ransom may lead to both data and money loss.
How to Remove Jokers House Ransomware?
- Reboot your computer to the Safe Mode with Networking.
- After that, install a professional anti-malware, for example, Reimage and run a full system scan with it.
- When the virus is removed, reboot the system.
How to Recover Files Encrypted by Jokers House Ransomware?
The Jokers House virus infection is actually no problem if you have backups of your data. What you have to do is to delete the virus completely and then recover encrypted data from the backups. If, however, you don’t have them, you should try the following recovery options:
Option 1. Data Recovery Pro
Data Recovery Pro is a tool designed to recover damaged or corrupted files. When enabled, this tool carries out the system scan automatically and recovers the data that has been negatively affected by a system crash or virus infection. Therefore, even though Data Recovery Tool is not a professional tool for cracking ransomware codes, we would strongly recommend trying it:
- Downloading Data Recovery Pro to your computer (http://2-spyware.com/download/data-recovery-pro-setup.exe);
- Run the setup file to install the program;
- Launch it and run the system scan to search for files encrypted by Jokers House virus;
- Follow the on-screen instructions to restore them.
Option 2. Enable Windows Previous Versions feature
Windows Previous Versions is an in-built Windows feature, which may help to recover encrypted, damaged or deleted files. However, it will only work if the System Restore function was enabled before the virus infiltration. If the System Restore was enabled on your PC, then please try the following steps:
- Locate the file you want to recover and right-click it;
- In the menu click “Properties” and choose “Previous versions” tab;
- The new “Folder versions” window will display the list of available file copies. On this list, select the preferred version and confirm your choice by clicking “Restore.”
Option 3. Use ShadowExplorer
ShadowExplorer is a tool that explores Volume Shadow Copies of encrypted files and restores them to the state before the encryption. Unfortunately, well-developed virus are programmed to delete these copies, but it’s not clear if the Jokers House ransomware deletes them or not, so this method is certainly worth trying:
- Go to Shadow Explorer’s official website and download the tool;
- Run the setup file, follow the Shadow Explorer Setup Wizard and install the program;
- When the installation is done, launch the tool and open the drop-down menu in the top left of the application screen.
- Select the disk in which the encrypted data is stored and look through the installed folders;
- Right-click on the folder that you want to decrypt and select “Export.”
- Select the location where the data will be stored.
Recover files and other system components automatically
To recover your files and other system components, you can use free guides by ugetfix.com experts. However, if you feel that you are not experienced enough to implement the whole recovery process yourself, we recommend using recovery solutions listed below. We have tested each of these programs and their effectiveness for you, so all you need to do is to let these tools do all the work.
This patented repair process uses a database of 25 million components that can replace any damaged or missing file on user's computer.
To repair damaged system, you have to purchase the licensed version of Reimage malware removal tool.