{"id":7599,"date":"2017-05-11T10:11:00","date_gmt":"2017-05-11T18:11:00","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/05\/11\/news-1384\/"},"modified":"2017-05-11T10:11:00","modified_gmt":"2017-05-11T18:11:00","slug":"news-1384","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/05\/11\/news-1384\/","title":{"rendered":"New ‘Jaff’ ransomware via Necurs asks for 2 BTC"},"content":{"rendered":"

Credit to Author: J\u00e9r\u00f4me Segura| Date: Thu, 11 May 2017 17:11:12 +0000<\/strong><\/p>\n

There is yet another ransomware on the block, but contrary to the many copycats out there this one appears to be more serious and widespread since it is part of the Necurs spam campaigns.<\/p>\n

Originally identified<\/a> by security researcher\u00a0S!Ri<\/a>, the Jaff ransomware looks very identical to Locky in many ways: same distribution via the Necurs botnet, same PDF that opens up a Word document with a macro, and also similar payment page.<\/p>\n

\"\"<\/a><\/p>\n

\"\"<\/a><\/p>\n

However, this is where the comparison ends, since the code base is\u00a0different\u00a0as well as the ransom itself. Jaff asks for an astounding 2 BTC, which is about $3,700 at the time of writing.<\/p>\n

\"\"<\/a><\/p>\n

Malwarebytes<\/a> users are already protected against this ransomware thanks to our multi-layer defense. In the diagram below we show how the threat can\u00a0be blocked via each of our\u00a0protection modules (in a typical\u00a0scenario, the threat would be stopped\u00a0at the first layer which is the Application Behavior Protection):<\/p>\n

\"\"<\/a><\/p>\n

In the meantime, the return of Locky<\/a> after a short hiatus has not been as big as anticipated. The appearance of the Jaff ransomware may also take away\u00a0some market shares from it.<\/p>\n

The post New ‘Jaff’ ransomware via Necurs asks for 2 BTC<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: J\u00e9r\u00f4me Segura| Date: Thu, 11 May 2017 17:11:12 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
The dreaded Necurs botnet delivers a new ransomware with a high ransom ask in this newest spam campaign.<\/p>\n

Categories: <\/p>\n