The WinRAR ACE vulnerability has been exploited for nearly 19 years, but ransomware had never been spread through it until now. When the ransomware is executed, the infected computer’s files are encrypted and the .Jnec extension is appended to them. A ransom note titled “JNEC.README.TXT” then appears, requesting 0.05 Bitcoin ($200 USD) in return for the decryption key. After the files are encrypted, a Gmail address is generated, and the user must create an account with that email address in order to receive the decryption key. It is believed that the ransomware comes from the archive “vk_4221345.rar” and that the attackers trick their victims into decompressing it to get at the contents. What actually appears is an incomplete image of a woman, and by this time the ransomware has already begun its process. Security researchers advised users not to pay and revealed that the attackers had screwed up: even they can’t decrypt the files once the deed is done.