Ransomware attacks, possible to recover files locked by Jaff

Kaspersky Lab has discovered a vulnerability in the code of the ransomware virus and released a tool to get back possession of the data encrypted by the malware

Ransomware, the infamous ransomware viruses, are not always so infallible, as users fear like the plague, given the difficulty to recover encrypted files. In fact, Kaspersky Lab, one of the most renowned companies in the cybersecurity field, has discovered a flaw in Jaff ransomware.

It is one of the most dangerous malware, belonging to this family of malicious programs, whose disruptive force started hitting victims a few days before WannaCry, the ransomware capable of sending computer systems halfway around the world into a tailspin in just a few hours. Jaff attacks the victims through a PDF file contained in the e-mails, which if opened encrypts all the data present in the affected machines. The files, made inaccessible by ransomware viruses, are encoded with different extensions: .wlu, .sVn, and .jaff. According to Kaspersky Lab reports, the hackers demand between 0.2 and 2 Bitcoins to lock the files, an amount exceeding 4,000 euros.

A tool to defeat Jaff

Researchers at the cybersecurity expert company have found the vulnerability in the code of all variants of the Jaff ransomware. By exploiting the flaw, it is possible to recover the keys to decrypt the data compromised by the malware and thus regain possession of all files. Kaspersky has also developed a tool, which, starting from one of the data "obscured" by the ransomware and the text containing the ransom demand, is able to free the machine from the terrible ransomware.

How to Protect Yourself

Jaff is simply a ransomware and like any malware to strike it must first induce the victim to perform a series of behaviors. In the specific case, as we have seen, the malicious file is contained within a PDF attachment. The main advice in such cases is to pay attention to suspicious emails. If you do not recognize the sender or notice something unusual in the text, do not take any chances. Do not open the file or link contained in the email - it might be malware.