Jaff (malware)

from Wikipedia, the free encyclopedia

Jaff is malware for Windows that has been attacking computers since May 2017, shortly before the WannaCry malware broke out.

The malware poses as a ZIP or DOCM file attached to an e-mail; opening it opens a Microsoft Word document with an embedded macro that is to be opened via JavaScript. This macro then downloads the Jaff ransomware.

The countries most affected are Germany, the Netherlands, the USA, France, Japan, Canada and Australia.

In June, Kaspersky published RakhniDecryptor, a decryption tool that decrypts a victim's own files without paying the ransom.

Content of the email

The short text of the email explicitly requests the recipient to open the attached PDF file.

Harmful effect

After the attack, the malicious program encrypts some files. The encrypted files then carry the file extension .wlu. The user is asked to pay for decryption on a Darknet site with bitcoins worth around 700 euros. The malware also tries to infect other Windows computers as a worm and installs the DoublePulsar backdoor.
