
Jaff Ransomware Demands a Two Bitcoin Payment to Decrypt Files

Ransomware comes in many different shapes and sizes.

Some malware strains are rather easy to remove free of charge, whereas others can be a real pain in the rear. Jaff, a new type of ransomware, is perhaps one of the most expensive types of malware we have seen in quite some time. It demands a ransom of $3,700 to be paid in Bitcoin, which is a rather steep amount.

Jaff Ransomware Swings For The Fences

It is evident that criminals who rely on ransomware distribution are looking to make a lot of money in quick succession. That is much easier said than done, though, as security researchers often come up with free decryption tools to nullify these threats. However, in the case of Jaff, there is no free decryption option whatsoever right now. Similarly to virtually any other type of ransomware, the Jaff malware encrypts files and gives them a custom file extension. It appears the files are encrypted using AES, which has become the norm over the past few months. It also appears Jaff shares a lot of similarities with Locky, at least where the payment page is concerned. That is rather interesting, although Jaff demands a much higher amount compared to Locky.

This brings us to what puts Jaff on the radar of security researchers right now. The malware demands that victims pay $3,700 worth of Bitcoin to have the files restored. It is rather unusual for ransomware types to charge such a steep amount, considering most consumers won't spend that amount of money on recovering their files. Then again, people who are genuinely worried about losing sensitive files may be tricked into paying the ransom in the end. Regarding the distribution of Jaff ransomware, it appears the malware is actively distributed through malspam traffic originating from the Necurs botnet. People who have been following our ransomware coverage may recall the Necurs name, as it is a popular botnet used to distribute malware on a rather large scale. Spam email campaigns have been a very popular tool among cybercriminals over the past few years, and it looks like things will not change anytime soon.

To be more specific, the Jaff ransomware is hidden in a malware-laden email attachment that requires users to enable macros in Microsoft Word. Once the user does so, multiple malicious files are downloaded to their machine, including the Jaff payload itself. As soon as the download is finished, the files on the computer will be encrypted. Breaking this encryption is impossible right now unless the money is paid. A demand of a $3,700 payment in Bitcoin is rather unusual, to say the least. This aggressive method by the criminals will make their ransomware a top priority for security researchers to decrypt with a free tool, though. It is doubtful anyone would pay 2 Bitcoin to restore file access. It is unclear if files can be restored from a previous backup, though, as most ransomware types often delete shadow volume copies as well.
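Because the delivery step described above depends on a Word attachment that carries macros, a mail gateway can flag such attachments before a user ever opens them. The following Python sketch is an added example, not code from the article or from any Jaff analysis; the function names, the sample message, and the file name `invoice.docx` are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.dot container

def classify_attachment(data):
    """Return 'macro', 'legacy-ole', or None for one attachment body."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary Word files may carry VBA; confirming needs an OLE parser.
        return "legacy-ole"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                members = [m.lower() for m in z.namelist()]
        except zipfile.BadZipFile:
            return None
        # OOXML keeps VBA in vbaProject.bin, whatever extension the file claims.
        if any(m.endswith("vbaproject.bin") for m in members):
            return "macro"
    return None

def scan_message(raw):
    """Return [(filename, verdict)] for flagged attachments in raw message bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also reaches nested multipart containers
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        verdict = classify_attachment(part.get_payload(decode=True) or b"")
        if verdict:
            hits.append((name, verdict))
    return hits

def build_sample(with_macro):
    """Constructed sample: an email with a tiny in-memory OOXML attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="invoice.docx")
    return msg.as_bytes()
```

The check inspects content rather than the file name, so a macro project inside a file renamed to `.docx` is still flagged.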

Chuck Reynolds
Contributor

Alan Zibluk Markethive Founding Member