The Jjtt virus is a recent version of the famous STOP/Djvu Ransomware family. This dubious malware virus encrypts files on the infected PC then append the “.jjtt extension” to the end of all the file names. This cunning threat uses a powerful encryption algorithm that can take years to break without proper decryption keys. Files locked by this malware get changed, for example, the file “myphoto.jpg” will get converted into “myphoto.jpg.jjtt” after the encryption. This virus also leaves a ransom note “_readme.txt” on the victim’s computer and asks users to contact hackers through helpmanager@firemail.cc and helpmanager@iran.ir email address.


What is Jjtt Ransomware?

The Jjtt ransomware is a notorious malware designed to take all the files, hostage, on a victim’s computer by using powerful encryption. It is a data locker virus infection that forces innocent users to pay ransom money for their files. It is able to infect all versions of Windows computers silently without the permission or consent of the owner of the system. Once installed, Jjtt Virus scans your entire system for files such as photos, documents, videos, and all the other data.

Then after it will start the encryption of all the files stored on that machine and add its own malicious extensions to the file names as the suffix. This is the marking of encoding performed on all the files. These dubious threats are able to encrypt almost all types of file formats normally stored on Windows computers. Then this Jjtt ransomware creates a ransom note called “_readme.txt” on the infected PC and leaves it on the desktop as well as all the other affected file folders. This note contains the encryption notice, ransom demand, decryption tips, and method of payment.

This nasty Jjtt ransomware uses an extremely secure and powerful encryption algorithm. There is no way to break this encoding unless you have the decryption key. Hackers take the benefit of this and force users to pay hefty ransom money through Bitcoin. With the increase in cryptocurrency, malware creators get lots of options with security. There is no way to trace back the person who is getting the money.

This perilous Jjtt virus is a strain of an old malware infection that has more than 200 versions. So it is needless to say that hackers behind this infection have quite an experience in torturing innocent users for the extortion fee. This virus is programmed to erase all the shadow files and system restore points so that users cannot avoid this malware or rescue their files without paying the decryption fees.

Is my PC infected by Jjtt Virus?

Upon infection, the Jjtt ransomware encrypts all the files on the infected machine and marks them with “.jjtt extension”. If all the files on your computer appear with the same extension and you are not able to access any of your files then your PC is unfortunately infected by this virus. If you will look carefully then you will find the ransom note on your desktop and in all the folders on your system. If you will try to bring new files to your system by using a USB drive, CD, or DVD or by downloading from the Internet, you will find that they get encrypted as well.

.Jjtt File Virus: Threat Analysis

Name Jjtt
Type Ransomware
Threat Level High (Restrict access to all your files).
Extension .jjtt
Family Stop/Djvu Ransomware
Short Description The Jjtt Ransomware encrypts your data by adding “.jjtt extension” to file names and demanding ransom money for the decryption key.
Symptoms You cannot access any files on your PC and you will find a Ransom note asking for money.
Distribution Freeware Installations, Bundled Packages, spam emails, cracked software, illegal patches
Variants MIIA, PAAS, Ehiz, Nusm, Igvm and so on.
Removal Download SpyHunter 5 Anti-Malware
Recovery Download Data Recovery Software

Jjtt ransomware file encryption process

This virus uses two types of encryption methods, one is online and offline. The difference between them is when this virus hits your system and your PC is connected to the network, then it can directly connect to a remote server and create a unique ID to encrypt your data. This method falls under the online encryption methods. The second method is when your system gets attacked by the Jjtt virus and your PC is not connected to the Internet, then it uses its predefined ID to encrypt your files. This method is called offline encryption. In both these cases, your files are being locked by the same algorithm.

With the offline method of encryption, it might be possible to recover your files through a generic decryptor but since it is the latest version of the malware, there is no free decryption available yet. But in the case of Online decryption, there is no way to restore your files until you have a backup of your data or you use any data recovery software.

Victims of the “.Jjtt file virus” should be aware that after all the promises made by this ransomware, most people don’t get decryptor even after paying the ransom money. It is a scam only planned to cheat innocent users, so hackers are not really motivated to unlock your files even after getting paid. The fact is, this nasty malware is also known to drop password-stealing malware on the infected system which can steal your financial information and you can become a victim of identity theft and bank fraud.

Ransom note left by Jjtt Virus contains the following text :


Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Your personal ID:

.Jjtt File Virus distribution methods

The Jjtt ransomware is a dangerous threat that uses several tricks for its widespread distribution. It can be found in several freeware programs available for download online. Security researchers have found that software bundling is one the biggest source of malware distribution. Creators of this infection put their malicious payload into several freeware installers, software cracks, keygens, pirated games, illegal patches tools for spoofing the purchase of copyrighted materials like KMSPico, and others. In these cases, users disable their security programs to install these programs that give “.Jjtt File Virus” complete protection.

Browsing to suspicious links, porn, or torrent sites, sharing files over the unsecured network are some other methods through which malware attack the targeted machine. Hackers also use spam email attachments which are quite successful and often used methods to drop malicious codes on victimized computers. Users are advised to always scam email attachments and avoid downloading pirated stuff to protect their computer from threats like the Jjtt virus.

How To Remove Jjtt Virus From PC

.Jjtt File Virus is a harmful and notorious threat. It will keep creating new problems in your machine, so it is very important to delete this malware permanently. When this kind of malware invades the computer, it may also bring other threats to the victimized system. It can do major damage to your machine in a very quick time. Keep in mind that, it may have spread its copies at different locations on your system. It is also quite possible that files associated with infection may carry different names. We are going to discuss two possible ways to remove this infection 1. Automatic Removal, 2. Manual Removal method.

In order to remove the “.Jjtt File Virus” infection completely, you will need to remove all its associated files. This process includes various removal steps and requires technical expertise. It’s better to have a complete diagnosis on the infected computer so that all the potential infections can be found. You must clean your system properly and remove all the core files related to the “.Jjtt File Virus”. The manual Removal process is time-consuming and slight mistakes can corrupt the operating system. Feel free to give a try to the Automatic process if you don’t feel comfortable around with manual tips.

Remove Jjtt File Virus Automatically

Well removing the Jjtt File Virus from your system completely will require a powerful Anti-malware application that can find and delete all the hidden threats and associated files simultaneously to avoid the possibility of infection coming back to your machine or damaging your system in the removal process. We suggest quite a powerful and reliable Malware Removal Tool that is very advanced and works like a charm. You just need to download and install the application on your system and run a scan of your PC and it will remove Jjtt File Virus on its own.

This Automatic Malware Removal Tool is able to find and remove all types of harmful threats like Trojan, Ransomware, Worms, Rootkits, Keyloggers, Adware, Browser Hijackers, Fake Tech support scams, Redirect malware, and many other potentially harmful programs. It is free to try and you can run a full diagnostic of your computer before you buy this program. You can scan your computer to find it Jjtt Virus or any other hidden threat and remove it completely with a single mouse click.

Automatic Ckae Virus Removal Method

  • First of all, you will need to click on the below button to download the software.
  • Now double click on the installer file then clicks Yes to install the program.

  • Launch the application and click on the Start Scan Now button to scan your PC.

  • The software will take some time to find all hidden threats and malware on your computer.

  • Finally, click on the Next button to see results and remove .Ckae file virus and other infections.

Amazing Features Of Automatic Malware Scanner::–

  • Malware Detection & Removal – Detect and remove spyware, rootkits, ransomware, viruses, browser hijackers, adware, keyloggers, trojans, worms, and other types of malware.
  • Custom Scan – This feature gives you the freedom to scan any part of your system particularly to find hidden threats including external hard drives or USB drives.
  • Real-Time Protection – Advanced system guard feature has malware blocking technology that helps protect your PC against malware attacks, threats, and other objects.
  • Technical Support – It is one of the best features that provides’24×7′ technical help to the users of custom malware fixes, specific to unique malware problems.

Recover Encrypted Files Using Data Recovery Software

If you don’t have a backup of your files then you can try using our powerful data recovery software to restore your files. Download the free scanner and scrub your computer for files. Once the software will scan your hard drive, it will show the preview of files that can be recovered. If it can find the data which you are looking for then you will have to register the software. Finally, you can select the files you want and recover them easily.

  • First of all download the Stellar Data Recovery software on your computer.

Download Data Recovery Software

  • Install the application, launch it, and select the type of data you want to recover then click the Next button.

  • Select the folder location, Drive, or volume you want to scan for data then click on the Scan button.

  • After scan, select the files and click on the Recover button to save your recovered files.

Part 1 – Start Your Computer In Safe Mode With Networking
Part 2 – Stop Jjtt Related Process From Task Manager
Part 3 – Remove Jjtt From Control Panel
Part 4 – Remove Jjtt From Browser
Part 5 – Remove Jjtt From Registry Editor
Optional: Reset Your Browser Settings

Part 1 – Start Your Computer In Safe Mode With Networking

[tabby title=”Windows 7″]

  • Click on the “Start” menu and select the “Restart” button.

  • Keep pressing the “F8 button” when your PC starts booting.

  • You will see the “Advanced boot menu” on your computer screen.

  • Choose the “Safe Mode With Networking” option and press Enter button.

[tabby title=”Windows 8″]

  • Press Windows & C buttons and select the Settings option.

  • Click on the “Start” menu, press the “Shift key” and click on the “Restart” button.

  • Select the “Troubleshoot” option from the screen.

  • Now click on the “Advanced” Options.

  • Choose the “Startup Settings” option.

  • Select “Enable Safe Mode option” and click the Restart button.

  • Press the “F5 button” to Enable the “Safe Mode With Networking” option.

[tabby title=”Windows 10″]

  • Press the Windows Start button and click on the Power button.

  • Hold the “Shift key” and click on the “Restart” button.

  • Select the “Troubleshoot” option from the screen.

  • Now click on the “Advanced” Options.

  • Choose the “Startup Settings” option.

  • Select “Enable Safe Mode option” and click the Restart button.

  • Press the “F5 button” to Enable the “Safe Mode With Networking” option.


Part 2 – Stop Jjtt Related Process From Task Manager

  • Press the “ALT+Ctrl+Del” buttons simultaneously on your keyboard.

  • Choose the Windows Task manager option from the screen.

  • Select the malicious process and click on the End Task button.

Part 3 – Remove Jjtt From Control Panel

[tabby title=”Windows XP”]

  • Go to the Start menu on your computer and select Control Panel.

  • Click on Add or Remove programs option.

  • Find and remove unwanted programs from your PC.

[tabby title=”Windows 7″]

  • From the Start menu open Control Panel

  • Select Uninstall a programs option from the Programs menu.

  • Finally, select and remove unwanted programs from your system.

[tabby title=”Windows 8″]

  • Press the Win+R button to open Run Box on your computer.

  • Type “control panel” in the Run window and hit Enter button to open Control Panel

  • Right-click Jjtt and other unwanted programs and click Uninstall option to remove them completely.

[tabby title=”Windows 10″]

  • Press the start button and select the Settings option.

  • Choose the system option there & then Click on the Apps and Features option.

  • Find and remove unwanted programs from your PC.


Threats like Jjtt Ransomware can keep coming back to your system if its core files are not completely removed. So we recommend downloading SpyHunter 5 Anti-Malware to scan for malicious programs. This may save you precious time and effort.

Special Offer SpyHunter 5 Anti-Malware offers a 15-day fully-functional Free Trial. Credit card required, NO charge upfront. No charge if you cancel during the trial period. Review SpyHunter’s EULAThreat Assessment Criteria, and Privacy Policy

Part 4 – Remove Jjtt From Browser

From Google Chrome

  • First of all launch up Google Chrome browser on your PC.
  • Click on the great icon from the top right corner of your browser to open the Chrome menu.
  • Now click on the Tools option.
  • Go to Extension and select all unwanted extensions including Jjtt.
  • Finally, click on the trash bin icon to remove Jjtt from Google Chrome.

From Internet Explorer

  • Open Internet Explorer browser in your PC.
  • Press Alt+T buttons, or Click on Gear Icon from the right-top corner to open Tools.
  • Now click on the Manage Add-ons option.
  • Select Toolbars and Extensions tab.
  • Find Jjtt related add-ons and Click Disable.
  • Click the More information button.
  • Finally, click on the Remove button.

From Mozilla Firefox

  • Launch Mozilla Firefox browser on your PC.
  • Click on the gear icon from the top right corner to open the browser menu.
  • Select Add-ons. The Add-ons Manager tab will open.
  • In the Add-ons Manager tab, choose the Extensions or Appearance panel.
  • Select the Jjtt add-on that you want to remove.
  • Click the Remove button.
  • Click Restart now if it pops up appear on your system screen.

From Microsoft Edge

  • Open MS Edge browser and Click on the More Tools button from the upper right corner.
  • Now choose the “Extensions” option from the drop-down menu.
  • You will find All the extensions installed on your browser.
  • Select all Jjtt-related malicious extensions and click on the “Uninstall” button.

Part 5 – Remove Jjtt From Registry Editor

  • Open the Run window by pressing Win + R keys together.

  • Type “Regedit” and click OK

  • Find and delete all related registry files of Jjtt.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe “Debugger” = ‘svchost.exe’ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe “Debugger” = ‘svchost.exe’ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jjtt HKEY_LOCAL_MACHINE\SOFTWARE\ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ’0′ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ’0′ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore “DisableSR ” = ’1′ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe “Debugger” = ‘svchost.exe’ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe “Debugger” = ‘svchost.exe’ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “3948550101? HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “xas” HKEY_CURRENT_USER\Software\Jjtt

Optional: Reset Your Browser Settings

Reset Google Chrome

  • Open “Google Chrome“, click on the Chrome menu.
  • Click on the “Settings” option from the drop-down list.
  • Go to the search box and type RESET.
  • Finally, click the “Reset” button to complete the process.

Reset Mozilla Firefox

  • Open “Mozilla Firefox“, click on the Firefox menu, and press the Help option.
  • Select the “Troubleshooting Information” option.
  • Click on the “Refresh Firefox” button at top of the page.
  • Hit the “Refresh Firefox” button when the dialog box appears on your computer screen.

Reset Microsoft Edge

  • Open Microsoft Edge, click on the three dots icon, and select the “Settings” option.
  • Now click on the “Reset Settings” option.
  • Select the “Restore settings to their default values” option and click on the “Reset” button when the confirmation dialog box appears.

Reset Internet Explorer

  • Open your Internet Explorer browser, click on the “Tools” menu and select “Internet Option”.
  • Click on the “Advanced tab” and then hit the “Reset” button.
  • Find the “Delete Personal Settings” option and press the “Reset” button.
  • Finally, click on the “Close” Button and restart your browser.

Friendly Tips Ignore Viruses – Things To Do After Removing Jjtt

To keep away from Jjtt coming back on your Computer system and to force close similar threats in the future, you must follow these essential tips while using your PC:

  •  Always select the Custom Installation method when you are installing any software or program.
  •  Uncheck all hidden options and bunched programs that you are unknowing of or don’t know.
  •  Scan all your email attachments before you open them on your computing machine.
  •  Never download updates from untrusted and unknown websites.
  •  Do not visit adult or porn websites.
  •  Do not click on any misleading advertisements.
  •  Always scan USB drives before transferring or copying files.
  •  Scan your PC at regular intervals for hidden viruses and malware.

🧐 Frequently Asked Questions

Thinking Face on WhatsApp What is Jjtt Virus?

The Jjtt Virus is a nasty ransomware infection that encrypts files on infected PC and forces users to pay ransom money for the decryption key.

Thinking Face on WhatsApp How does the Jjtt infect your PC?

Hackers use several methods to spread this malware but some common ways are freeware Installations, Bundled Packages, spam emails, cracked software, illegal patches.

Thinking Face on WhatsApp How can I open “.Jjtt” files?

Be careful no other way. These files are encrypted by nasty Stop/Djvu Ransomware malware. The contents of “.Jjtt files” are not more available until they are decrypted.

Thinking Face on WhatsApp Are my files completely lost?

Of course No, your encrypted files and data are still there on your system but you just can’t access your files by yourself. This nasty ransomware virus has encrypted your data and files and they only can be accessed by using a decrypting key for which the Jjtt hackers are demanding the ransom amount.

Thinking Face on WhatsApp Is it possible to recover Jjtt encrypted files?

Currently, there is no free decryptor available for this virus but you can use data recovery software to get back your files after removing this threat.

Thinking Face on WhatsApp How can I remove the Jjtt virus?

Regular anti-virus programs are useless against it and you will need a powerful malware removal tool to remove this infection completely from your system.

Thinking Face on WhatsApp May I re-install Windows to remove Jjtt Ransomware and decrypt .pass files?

If you will reinstall your Windows then it might remove this nasty infection from your system but you will not be able to restore your encrypted files & it is also possible that this virus can be removed and then come back. So that’s why we strongly suggest that You have to use a powerful Anti-malware Tool to remove this cunning virus and try to decrypt your files.

Thinking Face on WhatsApp What can I do right now?

The Jjtt virus encrypts only the first 150KB of files. So your MP3 files are large than 150 kb, some of your media players like Winamp may play the files, but the first 3-5 seconds will be missing because of encryption. So you can try to find a copy of an original file that was encrypted by this nasty ransomware virus:
  • The files you downloaded through the Internet were encrypted & you can download them again through the Internet to get the original files.
  • Restore the encrypted images (pictures) that you shared with your family member and friends that they can just send back to you.
  • Photos that you uploaded on your social media account or cloud services like Carbonite, OneDrive, Google Drive, iDrive, etc
  • Attachments in emails you sent or received and saved on your computer.
  • If you can also download some of your lost software, programs, movies, videos, audios, games from the web.
  • Files on an older PC, flash drive, external drive, camera memory card, or iPhone where you transferred the data to the infected system.

You can also report the Jjtt attack to Authorities

Guys, be careful, If you are also a Victim of Jjtt Ransomware then you should report this crime incident to the legal authorities in your county. Here our team mentions a list of some of the genuine official government websites for reporting any kind of online fraud and scam activities, so please take a look:

Jjtt United States – Guard Online

Jjtt Australia – SCAMwatch

Flag: United Kingdom on Google United Kingdom – Action Fraud

Flag: New Zealand on Apple New Zealand – Consumer Affairs Scams

🇨🇦 Flag: Canada, Emoji by Apple Canada – Canadian Anti-Fraud

🇮🇪 Flag: Ireland, Emoji by Apple Ireland – An Garda Síochána

Flag: India on Apple India – National cybercrime Reporting Portal

Flag: Portugal on Apple Portugal: Polícia Judiciária

Guys, not only this rather you can also search to find the genuine Internet Crime Authority in your country. During this, it will not help you remove this virus from your computer or restore your encrypted files in any way but it’s just informed the authorities. Once you will register your complaint to the Internet Crime Authority, the authorities might look into it and take some precautionary measures to stop other cyberattacks in the future. Although, don’t get lured by cyber hackers. They only cheat instead of helping you.

Regardless of the situation, our cyber security experts recommend that it is best for victims to follow FBI guidelines which generally prohibit any form of ransom payment. This recommendation is based on the following reasons:

    • Paying the ransom does not guarantee that your encrypted files will be restored
    • When you pay the ransom, you’re encouraging cybercriminals since it will become profitable
    • With more ransom money at their disposal, they would be able to employ more hands and broaden their threat

Threats like Jjtt can keep coming back to your system if its core files are not completely removed. So we recommend downloading SpyHunter 5 Anti-Malware to scan for malicious programs. This may save you precious time and effort.

Special Offer SpyHunter 5 Anti-Malware offers a 15-day fully-functional Free Trial. Credit card required, NO charge upfront. No charge if you cancel during the trial period. Review SpyHunter’s EULAThreat Assessment Criteria, and Privacy Policy

About the author

Christopher Edwards

Hey This is Chris, I am a Malware researcher and security analyst. I love to find out about new threats and viruses and I started this website to teach people how to stay safe online. You will get all the latest malware removal tips and tricks here. You can also ask for any virus related problem in comment section or through our contact page.