Jaff Ransomware Demands a Two Bitcoin Payment to Decrypt Files

Ransomware comes in many different shapes and sizes.

Some malware strains are rather easy to remove free of charge, whereas others can be a real pain in the rear. Jaff, a new type of ransomware, is perhaps one of the most expensive types of malware we have seen in quite some time. It demands a ransom of $3,700 to be paid in Bitcoin, which is a rather steep amount.

Jaff Ransomware Swings For The Fences

It is evident criminals who rely on ransomware distribution are looking to make a lot of money in quick succession. That is much easier said than done, though, as security researchers often come up with free decryption tools to nullify these threats.  However, in the case of Jaff,  there is no free decryption option whatsoever right now. Similarly to virtually any other type of ransomware, the Jaff malware encrypts files and gives them a custom file extension. It appears the files are encrypted using AES, which has become the norm over the past few months. It also appears Jaff shares a lot of similarities with Locky, at least here the payment page is concerned. That is rather interesting, although Jaff demands a much higher amount compared to Locky.

This brings us to what puts Jaff on the radar of security researchers right now. The malware demands victims to pay $3,700 worth of Bitcoin to have the files restored. It is rated unusual for ransomware types to charge such a steep amount, considering most consumers won’t spend that amount of money on recovering their files. Then again, people who are genuinely worried about losing sensitive files may be tricked into paying the ransom in the end. Regarding the distribution of Jaff ransomware, it appears the malware is actively distributed through MALSPAM traffic originating from the Necurs botnet. People who have been following our ransomware coverage may recall the Necurs name, as it is a popular botnet to distribute malware on a rather large scale. Spam email campaigns have been a very popular tool among cybercriminals over the past few years, and it looks like things will not change anytime soon.

To be more specific, the Jaff ransomware is hidden in a malware-laden email attachment that requires users to enable macros in Microsoft Word. Once the user does so, they will download multiple malicious files on their machine, including the Jaff payload itself.  As soon as the download is finished, the files on the computer will be encrypted. Breaking this encryption is impossible right now unless the money is paid. A demand of a $3,700 payment in Bitcoin is rather unusual, to say the least. This aggressive method by the criminals will make their ransomware a type priority for security researchers to decrypt with a free tool, though. It is doubtful anyone would pay 2 Bitcoin to restore file access. It is unclear if files can be restored from a previous backup, though, as most ransomware types often delete shadow volume copies as well.

Chuck Reynolds
Contributor
Please click either Link to Learn more about Bitcoin.