What is Jhgn ransomware
Jhgn is an illegal program classified as ransomware. This means that it is a virus that makes money by encrypting files on victims’ computers and demanding pay for decryption. You can learn more about ransomware in general here, while this guide will focus on Jhgn ransomware in specific – how it behaves, how to remove it, how to decrypt files that it encrypted.
The first thing important to note is that Jhgn belongs to the STOP/Djvu ransomware family. This is good news – STOP/Djvu is well-studied, which makes it more likely that you will be able to decrypt the files for free. It also means that Jhgn behaves in a very predictable manner – all STOP/Djvu strains are fairly similar (compare Zfdv, for example).
Jhgn leaves a ransom note on the victim’s desktop – a file named “_readme.txt” (the full text of the note is available on the image above). In the note, the virus asks for $980, or $490 if the victim pays within three days after infection.
When encrypting the files, Jhgn gives them the .jhgn extension. This means that a file “1.png” would be renamed “1.png.jhgn”. This is done to make sure the victim doesn’t dismiss what has happened as an error.
Below you can find a step-by-step instruction that will help you remove Jhgn ransomware and decrypt .jhgn files.