Emsisoft Decrypter for JSWorm 4.0 allows you to decrypt files encrypted by the JSWorm ransomware strain.

JSWorm 4.0 is a ransomware written in C++ that uses a modified version of AES-256 to encrypt files, and adds the extension ".[ID-][].JSWRM to files.

The ransom note "JSWRM-DECRYPT.hta" has the below text:



You will need to remove the malware from your system first; otherwise, it will repeatedly lock your system or encrypt files. By default, Emsisoft Decrypter for JSWorm 4.0 will pre-populate the locations to decrypt with the currently connected drives and network drives. Additional locations can be added via the Add button.

Emsisoft Decrypter for JSWorm 4.0 requires access to a file pair consisting of one encrypted file and the original, unencrypted version of the encrypted file to reconstruct the encryption keys needed to decrypt the rest of your data. Do not change the file names of the original and encrypted files. This is because the decryptor may perform file name comparisons to determine the correct file extension used for encrypted files on your system.

Run the decryptor, and select your file pair. Optionally, the number of CPU threads to use may be changed; the default is one less than those available. Then click the “Start” button. The decryptor will start to reconstruct the required encryption parameters. Depending on the ransomware and your computer, this process can take a significant amount of time.

Emsisoft Decrypter for JSWorm 4.0 will inform you that the decryption process is complete. If you require a report for your records, you can save it by clicking the Save Log button. You also have the option to copy it straight to your clipboard for use in emails, forum posts, etc., if needed.