Jaff Ransomware Decryption Tool – Unlock Your PC for Free

Kaspersky Labs has released  an updated version of its free ransomware decryption tool, RakhniDecryptor, which can now also decrypt files locked by the Jaff Ransomware.

Security researchers at Kaspersky Labs have discovered a weakness in the Jaff ransomware code that makes it possible for victims to unlock their Jaff-infected files for free.

First identified last month, Jaff is relatively new ransomware that’s being distributed with the help of ‘Necurs botnet‘ that currently controls over 6 million infected computers worldwide.

Jaff ransomware (Trojan-Ransom.Win32.Jaff) attack is primarily carried out by sending spam emails to millions of users with an attached PDF, which if clicked, opens up an embedded Word document with a malicious macro script to downloads and execute the ransomware.

Once victims download and enable a Word macro associated with the .PDF, the Jaff ransomware gets downloaded onto their computer, encrypting victims files and then demanding a ransom of between 0.5 to 2 Bitcoin (~$1,500 to $5,000 today).

The Jaff attack started on May 12 – the same day when the devastating WannaCry ransomware debuted – by sending spam emails at the speed of 5 Million emails per hour.

  • Download RakhniDecryptor
  • Run the RakhniDecryptor.exe file on the infected computer
  • Click ‘Change parameters’ to select the objects to scan (hard drives/removable drives/network drives)
  • Click the ‘Start Scan’ button and then choose the specify path to one of the encrypted files
  • The RakhniDecryptor utility will then recover the decryption password to unlock files.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s