The Locky ransomware is back, spreading via a massive wave of spam emails distributed by the Necurs botnet, but the campaign appears to be a half-baked effort because the ransomware is not able to encrypt files on modern Windows OS versions, locking files only on older Windows XP & Vista machines.
For the most part, mostly in-development ransomware released this week. No really major ransomware variants released that are much of a threat. The big news, though, is that Kaspersky was able to figure out how to crack the decryption for the Jaff Ransomware and release a free decryptor.
Fedor Sinitsyn, a senior malware analyst at Kaspersky Labs, has discovered a weakness in the Jaff ransomware and was able to release a decryptor for all current variants For those who were infected with Jaff and had their files encrypted with the .jaff, .wlu, or .sVn extensions, this decryptor can recover your files for free.
Another week of mostly small ransomware releases. Ultimately, this is a good thing as the vast majority of these are never released. Of biggest note is a macOS RaaS, a new Jaff variant, and the potential for a new ransomware called Spectre.
On Wednesday, security researcher Derek Knight discovered a new Jaff campaign spewing out emails that pretend to be emails from local copy machines. These SPAM emails contain attachments that include an executable file, which encrypt a victim's files and append the .sVn extension to encrypted file names.
The people who distribute the Jaff ransomware share server space with a cybercrime marketplace called PaySell. The server in question is located at 220.127.116.11, an IP assigned to a hosting provider in Saint Petersburgh, Russia, according to Heimdal Security, the company that discovered the connection.
This week was a busy with lots of little variants discussed below and a new version of the Jaff Ransomware circulating via MALSPAM. The big news is that AES-NI decided to close shop and has starting releasing the master decryption keys so people can get their files back for free.
A new variant of the Jaff ransomware was discovered that includes an updated design for the ransom note and the new WLU extension for encrypted files. Like the first variant of Jaff, this new version continues to be distributed through MALSPAM campaigns.
What a crazy end of the week we had with the WanaCrypt0r RansomApocaGeddonWare! This ransomware literally took the entire world by storm by utilizing the NSA EternalBlue SMBv1 exploit to install ransomware on many high profile victims. While that was definitely the big news, the good news is we also saw a some decryptors released.
A new ransomware was discovered today called Jaff ransomware. This ransomware will encrypt your files and append the .jaff extension to encrypted files. It also joins the ranks of other ransomware that steal payment site templates from Locky.