Hit by Jaff Ransomware? Don’t pay the Ransom. You can unlock your files for Free!
Kaspersky Labs has released an updated version 184.108.40.206 of its free ransomware decryption tool, RakhniDecryptor, which can now also decrypt files locked by the Jaff Ransomware.
Security researchers at Kaspersky Labs have discovered a weakness in the Jaff ransomware code that makes it possible for victims to unlock their Jaff-infected files for free.
First identified last month, Jaff is relatively new ransomware that’s being distributed with the help of ‘Necurs botnet‘ that currently controls over 6 million infected computers worldwide.
Necurs botnet is the same botnet – army of compromised internet connected devices – that was used to distribute Dridex and Locky, which also infects users’ machines, encrypt files and then demand a ransom before unlocking them.
Jaff ransomware (Trojan-Ransom.Win32.Jaff) attack is primarily carried out by sending spam emails to millions of users with an attached PDF, which if clicked, opens up an embedded Word document with a malicious macro script to downloads and execute the ransomware.
Once victims download and enable a Word macro associated with the .PDF, the Jaff ransomware gets downloaded onto their computer, encrypting victims files and then demanding a ransom of between 0.5 to 2 Bitcoin (~$1,500 to $5,000 today).
The Jaff attack started on May 12 – the same day when the devastating WannaCry ransomware debuted – by sending spam emails at the speed of 5 Million emails per hour.
RakhniDecryptor is very easy to use and doesn’t require any technical knowledge. Here’s the list of simple steps to use this tool:
- Download RakhniDecryptor 220.127.116.11
- Run the RakhniDecryptor.exe file on the infected computer
- Click ‘Change parameters’ to select the objects to scan (hard drives/removable drives/network drives)
- Click the ‘Start Scan’ button and then choose the specify path to one of the encrypted files
- The RakhniDecryptor utility will then recover the decryption password to unlock files.