
A Look into Jaff Ransomware

February 12, 2019, by Simeon Georgiev

Jaff ransomware first surfaced in 2017, but ransomware removal companies neglected it because WannaCry stole all the spotlight. Since then, Jaff has worked in the shadows and infected systems all over the world. In this analysis we look at some common techniques used by this strain of malware and how it goes about its infection routine.

Entry Points

Like many of the variants that have risen since 2017, Jaff ransomware is commonly received as a PDF file. Once this attachment is clicked, the problems begin. The attachment launches an embedded document that consists of instructions. These instructions teach you how to remove the protection from documents. If your computer has antivirus software installed, you will definitely get alerts, but by then it will already be too late.

Garbage Code, Decryption and Redirection

After the Jaff ransomware file has been downloaded onto your system, the malware uses garbage code to transfer blocks of code to your system. These blocks are executed in random order, and then 3 different blocks of encryption are used to lock away your system's files.

Resolving APIs

After the malware has begun encrypting files on your computer, it also launches some features that are designed to conceal it from antivirus products. Most malware variants are known to use simple encryption to mask themselves from APIs and antivirus products, but Jaff has been designed to use hashing instead.

The Ransom Notes

Jaff delivers its ransom instructions in 3 file formats: image (bmp), regular text and HTML. These ransom notes usually follow the same format, with time periods, ransom amounts and subtle warnings about trying to decrypt files on your own. The ransom note also contains information on how to contact the developers of the ransomware.

Precautionary Measures

As the only way this ransomware can make it into victims' systems is via attachments in emails, it is obvious which precautionary measures are vital here. All people need to do is make sure that they don't open email attachments without confirming their sources first, and especially avoid email attachments that seem to have come from companies.
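The delivery chain described under Entry Points (a PDF that launches an embedded document) can also be screened for at the mail gateway. The following is an added example, not code from the original post: a Python triage check that flags a PDF attachment when it both carries an embedded file and declares an automatic action. The function names, the name lists used as policy and the two sample byte strings are assumptions constructed for illustration.

```python
import re

# Constructed samples (not real malware): a plain PDF, and one that combines an
# embedded file with an automatic action, one name hidden with a #xx escape.
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF"
SAMPLE_CARRIER = (
    b"%PDF-1.5\n1 0 obj\n<< /Type /Catalog /Open#41ction 5 0 R "
    b"/Names << /EmbeddedFiles 3 0 R >> >>\nendobj\n"
    b"4 0 obj\n<< /Type /EmbeddedFile /Length 0 >>\nendobj\n"
    b"5 0 obj\n<< /S /JavaScript /JS (constructed placeholder) >>\nendobj\n%%EOF"
)

# Assumed policy: names that mean "carries a file" and "acts without being asked".
CARRIER = {"EmbeddedFile", "EmbeddedFiles", "Filespec"}
TRIGGERS = {"OpenAction", "AA", "JavaScript", "JS", "Launch"}

NAME_RE = re.compile(rb"/([A-Za-z0-9#_.\-]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo the #xx hex escapes PDF permits inside names (/Open#41ction)."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Scan raw attachment bytes and decide whether to hold it for review.

    Names inside compressed object streams are invisible to this byte scan,
    so an unflagged file has only passed this one check.
    """
    result = {"is_pdf": b"%PDF-" in data[:1024], "carrier": [], "triggers": [],
              "quarantine": False}
    if not result["is_pdf"]:
        return result
    names = {decode_name(m.group(1)) for m in NAME_RE.finditer(data)}
    result["carrier"] = sorted(names & CARRIER)
    result["triggers"] = sorted(names & TRIGGERS)
    # Hold only when an embedded file and an automatic action occur together.
    result["quarantine"] = bool(result["carrier"] and result["triggers"])
    return result


if __name__ == "__main__":
    for label, blob in (("plain", SAMPLE_PLAIN), ("carrier", SAMPLE_CARRIER)):
        print(label, triage_pdf(blob))
```

Decoding the `#xx` escapes before matching matters because a name written as `/Open#41ction` is read by a PDF viewer as `/OpenAction` but is missed by a plain substring search.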

Always remember folks, preventative precautions are much more effective than post-disaster measures.

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]