CryptoJoker is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on December 1, 2015, this ransomware has been actively targeting systems worldwide.
Quick Facts
Ransomware Family: CryptoJoker
First Seen: December 1, 2015
How CryptoJoker Ransomware Works
File Encryption Patterns
CryptoJoker modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..crjoker
Ransom Note and Payment Demands
After encrypting files, CryptoJoker displays ransom notes demanding payment for file recovery:
DECRYPT FILES.txt
Ransom message: notes/DECRYPT FILES.txt
Note locations: Desktop
GET MY FILES.txt
Ransom message: notes/GET MY FILES.txt
Note locations: Desktop
READ.txt
Ransom message: notes/READ.txt
Note locations: Desktop
readme.txt
Ransom message: notes/readme.txt
Note locations: Desktop
README!!!.txt
Ransom message: notes/README!!!.txt
Note locations: Desktop
READ NOW.txt
Ransom message: notes/READ NOW.txt
Note locations: Desktop
read this file.txt
Ransom message: notes/read this file.txt
Note locations: Desktop
ПРОЧТИ.txt
Ransom message: notes/ПРОЧТИ.txt
Note locations: Desktop
РАСШИФРОВАТЬ ФАЙЛЫ.txt
Ransom message: notes/РАСШИФРОВАТЬ ФАЙЛЫ.txt
Note locations: Desktop
message
Ransom message: notes/note.txt
Note locations: Login
Technical Indicators
Associated Executable Files
The following executable files are associated with CryptoJoker ransomware:
This CryptoJoker ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like CryptoJoker.