Security researchers at Kaspersky Lab have discovered a weakness in the Jaff ransomware that allowed the researchers creating of decryption keys to unlock files encrypted by the malware.
Once the victims were infected by the Jaff ransomware, crooks then demanded a ransom of between 0.5 to 2 Bitcoin (approximately $1,500 – $5,000, based on current exchange rates).
That weakness can be exploited by a free tool that has been included in the list of free ransomware decryptors shared by Kaspersky Lab. The tools allow recovering files encrypted by the ransomware like Rannoh and CoinVault.
“We have found a vulnerability in Jaff’s code for all the variants to date. Thanks to this, it is now possible to recover users’ files (encrypted with the .jaff, .wlu, or .sVn extensions) for free,” Kaspersky Lab said in a statement announcing the availability of the decryption keys.
The free decryption tool for unlocking files has been added to the RakhniDecryptor (version 1.21.2.1).
The Jaff ransomware was first spotted in May while it was being distributed by Necurs botnet previously used to spread the Locky and Dridex malware.
A few days ago, security researchers at Heimdal Security who were investigating a new strain of Jaff ransomware discovered that the malware is sharing the backend infrastructure with a black market offering for sale stolen card data and account information.
The Jaff ransomware has been recently discovered, it was involved in a number of large-scale email campaigns each using a PDF attachment with an embedded Microsoft Word document embedding macros that download and execute the malicious code.
According to Kaspersky Lab, top countries impacted by the ransomware are China, India, Russia, Egypt, and Germany.
Let me suggest giving a look at the numerous decryption utilities published by Kaspersky Lab under the No Ransom Project.
Kaspersky is very active in the fight against ransomware, one year ago it launched, along with the Europol and other security firms, the ‘NO More Ransom’ initiative.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – cybercrime, Jaff ransomware)
[adrotate banner=”5″]
[adrotate banner=”13″]
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
This website uses cookies.