A security breach believed to be in the form of Jaff ransomware has occurred, and we
would like to confirm the situation and provide a warning as follows.

Jaff ransomware

The ransomware in question is called Jaff and appears to be changing all files with file name and extension. jaff.

How it works

file version

[Figure 1 Ransomware executable file compiler information]

[Figure 2 File information in window properties]

Ransomware operation characteristics

• When run as C++-based ransomware, all drives are encrypted and notes are created in each location. After encryption is complete, communicate with a specific C2 server.

  
  [Figure 3 Specific information after completion of encryption]

Infection results

The guide file is created as <ReadMe.txt / ReadMe.html / ReadMe.bmp> in each path, and when encryption is performed, the files are changed to <file name.extension.jaff>.

[Figure 4 Infection results]

White Defender compatible

It supports real-time automatic restoration of files that will be encrypted before the malicious actions and blocking of White Defender ransomware.

[Figure 5 Block message]

Watch the Jaff blocking video