
If you haven't already obliterated your Jaff-infected comp, there is an antidote available

Lovely chaps at Kaspersky have developed decryption tool

By John Leyden, 15 Jun 2017

Security researchers have developed a free decryption tool for victims of the Jaff ransomware, meaning they can regain access to files without paying crooks.

The utility – developed by boffins at Kaspersky Lab – works on all variants released to date. Of course there is still the possibility that the criminals behind Jaff could release a version that resists decryption.

Researchers were able to develop the utility after identifying a flaw in Jaff's code, as explained in a post on Kaspersky Lab's ThreatPost blog. The work earned plaudits from other security researchers, such as McAfee's Raj Samani.

Jaff erupted last month and was spread through a spam run mounted using the Necurs botnet.

Infected messages featured a PDF attachment with an embedded Microsoft Word document. Marks who opened these messages on Windows machines were at risk of getting infected providing they had macros enabled.

Victims were told to hand over 0.5 to 2 Bitcoin (approximately $1,500-$5,000) if they wanted to see their files again. The whole attack caused significant problems over recent weeks even though it was overshadowed by the WannaCrypt outbreak, which hit at almost the same time.

Kaspersky Lab has previously released decryption keys for ransomware variants of CoinVault, TeslaCrypt and Crybola. Antidotes for Jaff and EncrypTile (a less successful strain of malware) were added this week. More info on the recovery tools can be found on the No Ransom Project website. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing