Entry Points
Like many of the variants that have risen since 2017, Jaff ransomware is commonly received as a PDF attachment. Once this attachment is clicked on, the problems begin: it launches an embedded document that consists of instructions. These instructions teach you how to remove the protection from documents. If your computer has anti-virus software installed, you will definitely get alerts, but by then it would already be too late.
Garbage Code, Decryption and Redirection
After the Jaff ransomware file has been downloaded onto your system, the malware starts using garbage code in order to transfer blocks of code to your system. These blocks are then executed in random order, and 3 different blocks of encryption are used to lock away your system’s files.
Resolving APIs
After the malware has begun encrypting files on your computer, it also launches some features that are designed to conceal it from antivirus products. Most malware variants are known to use simple encryption to mask themselves from APIs and antivirus products, but Jaff has been designed to use hashing instead.
The Ransom Notes
Jaff delivers its ransom instructions in 3 file formats: image (bmp), regular text and HTML. These ransom notes usually follow the same layout, with time periods, ransom amounts and subtle warnings about trying to decrypt files on your own. The ransom note also contains information on how to contact the developers of the ransomware.
Precautionary Measures
As the only way this ransomware can make it into victims’ systems is via attachments in emails, it is obvious which precautionary measures are vital here. People need to make sure that they don’t open email attachments without confirming their sources first, and should especially avoid email attachments that seem to have come from companies.
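The entry point described above, a PDF that carries an embedded document and launches it, can also be checked for before a person ever opens the attachment. The following is an added example, not code from the original article: a small triage function for a mail gateway or analyst workstation that flags PDFs containing both an embedded file and something that can act on it. The watched names are standard PDF name tokens; the verdict labels and both sample byte strings are constructed for illustration.

```python
import re
import zlib
from collections import Counter

# Standard PDF names: an embedded payload, and things that can act on it.
PAYLOAD = {"EmbeddedFile", "EmbeddedFiles"}
TRIGGER = {"OpenAction", "AA", "JavaScript", "JS", "Launch"}

STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
NAME_RE = re.compile(rb"/([^\x00\s/<>\[\](){}%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def _inflate(match):
    """Swap a stream for its inflated body so compressed names become visible."""
    try:
        return zlib.decompressobj().decompress(match.group(1))
    except zlib.error:
        return match.group(1)  # not Flate data: scan the raw bytes instead

def triage_pdf(data: bytes):
    """Return (verdict, hits) for the bytes of one PDF attachment."""
    expanded = STREAM_RE.sub(_inflate, data)
    hits = Counter()
    for raw in NAME_RE.findall(expanded):
        # Undo #XX escapes, e.g. /Embedded#46iles is the same name as /EmbeddedFiles
        name = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")
        if name in PAYLOAD | TRIGGER:
            hits[name] += 1
    has_payload = any(hits[n] for n in PAYLOAD)
    has_trigger = any(hits[n] for n in TRIGGER)
    if has_payload and has_trigger:
        return "quarantine", hits
    return ("review" if has_payload or has_trigger else "pass"), hits

# Constructed samples: skeletal PDF bodies, enough for token scanning only.
SAMPLE_BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
HIDDEN = zlib.compress(b"<< /S /JavaScript /JS (placeholder) >>")
SAMPLE_SUSPICIOUS = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R "
    b"/Names << /Embedded#46iles 4 0 R >> >>\nendobj\n"
    b"3 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + HIDDEN + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for label, blob in (("benign", SAMPLE_BENIGN), ("suspicious", SAMPLE_SUSPICIOUS)):
        verdict, hits = triage_pdf(blob)
        print(label, verdict, dict(hits))
```

This only sees plain and Flate-compressed content; encrypted PDFs or other stream filters need a full PDF parser, so a "pass" here is not a clean bill of health.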
Always remember folks, preventative precautions are much more effective than post-disaster measures.