Malware News Jaff Ransomware Switches to the WLU Extension and Gets a New Design

Solarquest

A new variant of the Jaff ransomware was discovered by security researcher Brad Duncan that includes an updated design for the ransom note and the new WLU extension for encrypted files. Like the first variant of Jaff, this new version continues to be distributed through MALSPAM campaigns that utilize malicious documents and macros to download and install the ransomware.

For those who are infected, or just wish to discuss the Jaff ransomware, you can do so in our dedicated Jaff Ransomware Help & Support Topic.

WLU Jaff Ransom Variant Comes with an Updated Ransom Note
With this new WLU version, Jaff started using a new design for its ransom note and name for its decryption service. In the previous version, the ransom note was titled "jaff decryptor system" and contained a blank amateurish ransom note whose CSS & HTML was a mess.

This new version is now titled "JAFF DECRYPTOR" and definitely looks like they dedicated some time to it. Unfortunately, as the Jaff developers are now releasing new versions and updating their design to appear more "professional", it may indicate that their previous campaigns have been successful. With that said, we can expect to see more updates in the future.

....
It is not possible to decrypt the Jaff Ransomware WLU Variant
Unfortunately, it is not possible to decrypt .wlu files encrypted by the Jaff Ransomware for free.

The only way to recover encrypted files is via a backup, or if you are incredibly lucky, through Shadow Volume Copies. If you are unable to restore your files from a backup, I always suggest that victims try and restore their files from Shadow Volume Copies to be safe.
 

ravi prakash saini

Are we going back to the era of hard copies and getting a print of every printable material in our system?
 

EASTER

Are we going back to the era of hard copies and getting a print of every printable material in our system?

...and maybe physical microdot technology again?

Windows should implement an auto-backup program into the OS and periodically back user's files up for free to prevent attacks like these.

Often wondered that myself, kinda like an automated Custom Refresh Image.WIM maybe? I found this feature on Windows 8 fabulous and far more reliable than system restore.
 