Register to stream ATT&CKcon 2.0 October 29-30


JCry is ransomware written in Go. It was identified as apart of the #OpJerusalem 2019 campaign.[1]

ID: S0389
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1059 Command-Line Interface JCry has used cmd.exe to launch PowerShell. [1]
Enterprise T1486 Data Encrypted for Impact JCry has encrypted files and demanded Bitcoin to decrypt those files. [1]
Enterprise T1490 Inhibit System Recovery JCry has been observed deleting shadow copies to ensure that data cannot be restored easily. [1]
Enterprise T1086 PowerShell JCry has used PowerShell to execute payloads. [1]
Enterprise T1060 Registry Run Keys / Startup Folder JCry has created payloads in the Startup directory to maintain persistence. [1]
Enterprise T1064 Scripting JCry has used VBS scripts. [1]
Enterprise T1204 User Execution JCry has achieved execution by luring users to click on a file that appeared to be an Adobe Flash Player update installer. [1]