As you may know, the ransomware is that type of malware that encrypts all your personal data and asks for a ransom, in order to get the decryption key.
This kind of internet infection has spread a lot lately, the WannaCry being the largest cyber attack from internet history. Fortunately, a lot of big companies, tech teams and security researchers worked together and stopped WannaCry, for now.
Well, this article brings good news to ransomware victims. The guys from Kaspersky have updated their RakhniDecryptor tool to version 220.127.116.11, bringing support for decrypting files infected by the Jaff ransomware. The researchers have discovered a weakness in the virus’ code and exploited it, being able to create a decrypting tool.
The Jaff ransomware is distributed with the help of Necurs botnet, the same botnet that distributed the Dridex Banking Trojan and the Locky ransomware, in the past.
The Jaff ransomware (found by antivirus software as Trojan-Ransom.Win32.Jaff) spreads via spam emails with infected PDF files that opens a Word file with a malicious macro script that downloads and executes the ransomware.
A few usage instructions, for Kaspersky’s RakhniDecryptor:
The Kaspersky RakhniDecryptor is a lightweight and portable decryption tool, capable of recovering data affected by different types of ransomware, and does not require advanced technical skills to decrypt the files.
- You need to download the latest version of the RakhniDecryptor from here.
- Extract the archive and run the RakhniDecryptor.exe on an infected system.
- Use the Change parameters option to select the locations you want to scan.
- Browse to the exact path of the infected files.
- Next, the tool with recover the decryption password to unlock the files.
Due to the fact that I don’t have encrypted files on my hard drive, I could not create a full tutorial, but the tools is very easy to use.
In order to keep your system safe from ransomware infections, I recommend you to read this article. It provides you 4 security tips that can save your business from ransomware. Or, if you manage to perform your regular tasks only with apps from the Microsoft Store, use Windows 10 S, which is 100% ransomware-proof.