Jaff ransomware has been defeated - a decryption tool has been developed
The malicious program Jaff, which encrypts the victims' data and demands payment of a ransom for restoring access, appeared just a few days before the outbreak of the infamous WannaCry. While conducting the analysis, Kaspersky Lab experts found a weak point in the Jaffa code, which allowed for the preparation of a free decryption tool for victims of this threat.
Jaff is distributed by the cybercrime Necurs botnet - the same one that was behind the campaigns of other threats: Locky and Dridex. Jaffa victims receive spam e-mails with infected PDF files.
By analyzing the Jaff malware code, researchers from Kaspersky Lab found an error that occurs in all currently known versions of this threat. This discovery enabled the upgrade of the free RakhniDecryptor tool with the procedures for decrypting data blocked by Jaff.
To decrypt data blocked by the malicious program Jaff:
- Cure an infected computer using an effective antivirus program.
- Download the latest version of the RakhniDecryptor tool (version 18.104.22.168).
Learn more about our offer
We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.