Tencent Yushen Threat Intelligence Center monitored and found that the JSWorm ransom virus JURASIK variant has spread in the country. Except for individual folders and file types that are excluded from encryption, all other files are encrypted and the .JURASIK extension is added. Fortunately, files encrypted by the JSWorm ransomware can be decrypted and restored. Tencent computer butler and Tencent Royal Terminal Management System can kill the ransomware. The JSWorm ransom virus first appeared in January 2019 and is now known to spread through spam. Analysis of domestic variant virus timestamp information shows that the compilation time is May 15, 2019.