The JSWorm 4.0 ransomware is also written in C++ and uses a modified version of AES-256 to encrypt files. Once encrypted all data it drops the ransom note JSWRM-DECRYPT. hta using the following text: Your files are corrupted! Before paying you can request free decryption of 3 files. Total size of files must be less than 5MB (non-archived). Files shouldn’t contain valuable information (accept only txtjpgpng)”]
Source: https://securityaffairs.co/wordpress/89666/malware/emsisoft-decryptor-jsworm-4-0.html