J. Sterling ransomware - How to remove

The J. Sterling ransomware virus is one of those file-encoders that select very specific targets. For instance, jHash is meant to influence computers of Spanish-speaking users. The J. Sterling infection was detected on the 15th of November and is meant to act against students of the J. Sterling Morton school district in Cicero, Illinois. The infection starts when a member of the campus is presented with an allegedly legitimate survey that requires them to enter their email and password and to select their high school grade.

Even though the survey might resemble an authentic window, it is actually a scam that installs a ransomware infection on the operating system. After the installation, people are presented with an additional window. However, even though the students are required to pay 10 dollars in bitcoins in exchange for their files, this transaction is completely unnecessary.

Why? Because this infection is still in development and currently does not encrypt files. It is clear that the infection should be mainly targeting school students as the ransom is very low. We rarely see ransoms of 0.00138 BTC. WannaBeHappy is a ransomware infection that requires a relatively smaller fee than the rest as well.

More details about J. Sterling crypto-virus

The infection arrives in a file called J.Sterling_Student_Survey.exe and is labeled as Gen:Heur.MSIL.Krypt (Hybrid). As the analysis suggests, it is not a very elaborate ransomware infection since it does not appear to be capable of making many changes. If the hacker responsible decides to launch J. Sterling crypto-malware in a more successful campaign, he/she will have to make more than a few improvements.

The J. Sterling crypto-virus shows a possible tendency for the future: ransomware creators are beginning to target very specific companies, people and organizations. While this is not a very widely used approach now, it might become more evident next year. Most of the current ransomware attacks are more like the Cyber Police virus, which can affect basically any computer. In order to avoid these devastating infections, encryption of files and blackmail, it is crucial to back up important digital information. Read the whole article to find out the recommendations for keeping your computer malware-free.

How can users avoid ransomware infections like J.Sterling virus?

Infections like J. Sterling ransomware are pretty tricky to avoid. People might immediately assume that the message they receive is legitimate and won’t cause any harm. However, it is important to pay attention to a few details. Has your school ever contacted you via this method? If not, then contact some relevant consultants from your school and ask whether such a window can be legitimate.

It can turn out that your school has nothing to do with the message. Therefore, it is important to run a scan with an anti-malware tool in order to find out the reason for the appearance of the window. We advise you to use Spyhunter and find out the truth.

Furthermore, we have some general recommendations for you to follow. Remember to back up your files regularly (since you might create new important data as time goes on). Then, if a ransomware virus infects your digital information, you won’t have to stress out. In addition to this, it is important to never interact with random online ads that require you to install an update, get a new program or tempt you with a different offer. This leads us to the topic of ransomware distribution.

How does crypto-malware spread?

As we have already mentioned, such infections can arrive in operating systems due to random interactions with online ads. In addition to this, one of the most prevalent transmission methods for ransomware authors is to send malspam. This refers to emails that contain potentially dangerous attachments or deceptive links. This is why we encourage you to never respond to, or download material from, emails sent from unknown sources.

How to recover J. Sterling ransomware encrypted files and remove the virus

Step 1. Restore system into last known good state using system restore

1. Reboot your computer to Safe Mode with Command Prompt:

for Windows 7 / Vista/ XP
  • Click Start, then Shutdown, then Restart, then OK.
  • Press the F8 key repeatedly until the Advanced Boot Options window appears.
  • Choose Safe Mode with Command Prompt.

for Windows 8 / 10
  • Press Power at the Windows login screen. Then press and hold the Shift key and click Restart.
  • Choose Troubleshoot, then Advanced Options, then Startup Settings, and click Restart.
  • When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.

2. Restore System files and settings.

  • When Command Prompt mode loads, enter cd restore and press Enter.
  • Then enter rstrui.exe and press Enter again.
  • Click “Next” in the window that appears.
  • Select one of the Restore Points that were created before J. Sterling ransomware infiltrated your system and then click “Next”.
  • To start System Restore, click “Yes”.

Step 2. Complete removal of J. Sterling ransomware

After restoring your system, it is recommended to scan your computer with an anti-malware program, like Spyhunter, and remove all malicious files related to J. Sterling ransomware. You can check other tools here.

Step 3. Restore J. Sterling ransomware affected files using Shadow Volume Copies

If you do not use the System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files from the point in time when the system restore snapshot was created. Usually J. Sterling ransomware tries to delete all possible Shadow Volume Copies, so this method may not work on all computers. However, it may fail to do so.

Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer.

a) Native Windows Previous Versions

Right-click on an encrypted file and select Properties, then the Previous versions tab. Now you will see all available copies of that particular file and the time when each was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace the existing, encrypted file. If you want to see the content of the file first, just click Open.

b) Shadow Explorer

It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. In the top left corner, select the drive where the file you are looking for is stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.
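Before trying either method from Step 3, it helps to confirm that shadow copies still exist and that at least one is older than the infection. The following PowerShell script is an added example, not part of the original guide. It assumes PowerShell 3.0 or later and an elevated prompt, and its $InfectionDate parameter is a placeholder you set yourself.

```powershell
# Added example: list Volume Shadow Copies and flag those created before a cutoff date.
# Run from an elevated PowerShell prompt; Win32_ShadowCopy requires administrator rights.
param(
    # Assumed value: replace with the date the fake survey window first appeared.
    [datetime]$InfectionDate = (Get-Date).AddDays(-7)
)

# Map volume GUID paths (\\?\Volume{...}\) to drive letters for readable output.
$volumes = @{}
Get-CimInstance -ClassName Win32_Volume | ForEach-Object {
    $volumes[$_.DeviceID] = $_.DriveLetter
}

# Enumerate every snapshot the Volume Shadow Copy Service still holds.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
if ($shadows.Count -eq 0) {
    Write-Warning 'No shadow copies found. Previous Versions and Shadow Explorer have nothing to restore from.'
    return
}

# Build a report sorted oldest to newest.
$report = $shadows | Sort-Object InstallDate | ForEach-Object {
    [pscustomobject]@{
        Drive        = $volumes[$_.VolumeName]
        Created      = $_.InstallDate
        BeforeCutoff = $_.InstallDate -lt $InfectionDate
        ShadowId     = $_.ID
        DeviceObject = $_.DeviceObject
    }
}
$report | Format-Table -AutoSize

# Only snapshots taken before the infection can hold clean copies of the files.
$usable = @($report | Where-Object { $_.BeforeCutoff })
if ($usable.Count -gt 0) {
    '{0} snapshot(s) predate {1:d}; the newest of them was created {2:g}.' -f `
        $usable.Count, $InfectionDate, $usable[-1].Created
} else {
    Write-Warning 'Snapshots exist, but none predate the cutoff; restored files may already be affected.'
}
```

If the script reports no usable snapshots, skip to Step 4 or restore from a backup.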

Step 4. Use Data Recovery programs to recover J. Sterling ransomware encrypted files

There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:
  • We suggest using another PC and connecting the infected hard drive as a slave. It is still possible to do this on the infected PC though.
  • Download a data recovery program.
  • Install and scan for recently deleted files. Data Recovery Pro
Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus I recommend using decent cloud backup software as a precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.