Joker Korean is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on September 1, 2020, this ransomware has been actively targeting systems worldwide.
Quick Facts
Ransomware Family
Joker Korean
First Seen
September 1, 2020
How Joker Korean Ransomware Works
Targeted Files
377b8b0ee6a332b873f15ac1be1016e05f2ab2105352aa8282a3919dca69bde7 -> clickme.bat , should be stored in Users/%USER%/AppData/ Only renames files. Probably that is why the modify date will not change
File Encryption Patterns
Joker Korean modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..joker
Ransom Note and Payment Demands
After encrypting files, Joker Korean displays ransom notes demanding payment for file recovery:
message
Ransom message:
notes/note.txt
Note locations:
Login
Technical Indicators
Associated Executable Files
The following executable files are associated with Joker Korean ransomware:
ransom.exe
clickme.bat
Elastio Can Help You
Don't let Joker Korean ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
This Joker Korean ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Joker Korean.