April 14, 2026, By Jonathan Greig
Cybercriminals are using a new ransomware strain called JanaWare to target people in Turkey, according to a new report from cybersecurity firm Acronis.
The researchers said the ransomware operation has been ongoing since 2020 and is associated with a strain of malware that enforces execution constraints based on system locale and external IP geolocation — restricting its activity to systems only in Turkey.
The ransom demands are very low, hovering around $200 to $400, and Acronis said the hackers are likely opting for a low-value, high-volume approach.
“Despite evidence suggesting the campaign has been active for several years, its regional focus and relatively small-scale operations likely helped it remain largely unnoticed,” the researchers said. “This case demonstrates how targeted, localized ransomware campaigns can quietly persist in the threat landscape.”
Acronis said the ransomware was typically used against home users and small to medium-sized businesses, with most becoming infected through phishing emails that delivered malicious Java archives.
The attacks begin with a malware strain called Adwind that contains several features that “hinder detection and analysis, including heavy obfuscation,” Acronis said.