Kaspersky Labs has released an updated version 188.8.131.52 of its free ransomware decryption tool, RakhniDecryptor, which can now also decrypt files locked by the Jaff ransomware.
Security researchers at Kaspersky Labs have discovered a weakness in the Jaff ransomware code that makes it possible for victims to unlock their Jaff-infected files for free.
First identified last month, Jaff is relatively new ransomware that's being distributed with the help of 'Necurs botnet' that currently controls over 6 million infected computers worldwide.
Necurs botnet is the same botnet – army of compromised internet connected devices – that was used to distribute Dridex Banking Trojan and Locky ransomware, which also infects users' machines, encrypt files and then demand a ransom before unlocking them.
Jaff ransomware (Trojan-Ransom.Win32.Jaff) attack is primarily carried out by sending spam emails to millions of users with an attached PDF, which if clicked, opens up an embedded Word document with a malicious macro script to downloads and execute the ransomware.
Once victims download and enable a Word macro associated with the .PDF, the Jaff ransomware gets downloaded onto their computer, encrypting victims files and then demanding a ransom of between 0.5 to 2 Bitcoin (~$1,500 to $5,000 today).
The Jaff attack started on May 12 – the same day when the devastating WannaCry ransomware debuted – by sending spam emails at the speed of 5 Million emails per hour.
How to Use RakhniDecryptor
Kaspersky RakhniDecryptor tool is a lightweight and portable piece of software designed to decrypt files encrypted by several variants of ransomware including Lobzik, Rakhni, Mircop, Crusis and 17 others.
RakhniDecryptor is very easy to use and doesn't require any technical knowledge. Here's the list of simple steps to use this tool:
- Download RakhniDecryptor 184.108.40.206
- Run the RakhniDecryptor.exe file on the infected computer
- Click 'Change parameters' to select the objects to scan (hard drives/removable drives/network drives)
- Click the 'Start Scan' button and then choose the specify path to one of the encrypted files
- The RakhniDecryptor utility will then recover the decryption password to unlock files
How to Protect Yourself From Ransomware Attacks
Whether it's Jaff, Locky, CoinVault, TeslaCrypt, or any other ransomware, the protection measures are standard.
To safeguard against ransomware infections, you should always be suspicious of uninvited documents sent in an email and never click on links inside those documents unless verifying their source.
Check if macros are disabled in your MS Office apps. If not, block macros from running in MS Office files from the Internet. In enterprises, your system administrators can set the default setting for macros.
In order to always have a tight grip on all your important documents, keep a good backup routine in place that makes copies of your files to an external storage device which is not always connected to your PC.
Moreover, make sure that you run an active anti-virus security suite of tools on your system and keep them up-to-date, and most importantly, always browse the Internet safely.