Skip to Content

New ransomware spreading fast – Demands BIG money!

If you follow us here at, you probably know that ransomware is the number one digital threat in the world. The FBI estimates that nearly $1 billion was paid by victims of these attacks in 2016 alone.

One of the scariest and most successful ransomware campaigns to date has been Locky. Now, there is a new attack that is spreading like wildfire all across the globe.

How to spot Jaff ransomware

The new ransomware is called Jaff and it is spreading at a super fast rate. It’s being delivered by the Necurs botnet through a malicious email campaign.

People from all over the world started receiving these malicious emails on May 11, 2017. In just the first few hours of the Jaff ransomware campaign, over 13 million emails were discovered.

The malicious emails contain one of the following subject lines:

  • PDF_{four or more digits}
  • Scan_{four or more digits}
  • File_{four or more digits}
  • Copy_{four or more digits}
  • Document_{four or more digits}
  • Receipt to print

The criminals have attached a PDF document to the email that contains an embedded DOCM file with a malicious Macro script. If the recipient runs this Macro, the ransomware is executed and files on the victims’ gadget are encrypted. Impacted files are renamed and end with .jaff.

A ransom note will then appear on your gadget, it looks like this:

Image: Example of Jaff ransomware note (Source: Forcepoint)

The victim is instructed to install the Tor Browser and go to a link on the Dark Web. There, the victim will find instructions on how to pay the ransom to receive a private key that will allow them to decrypt the files.

The criminals behind this attack are asking for a hefty ransom. The demand to decrypt the victims’ files is 1.79 Bitcoins, which is about $3,300. This is much larger than a normal ransom demand, so you definitely want to avoid it.

How to protect against ransomware attacks

In an effort to help people fight ransomware attacks, the FBI suggests taking these steps:

  • Back up data regularly – this is the best way to recover your critical data if your computer is infected with ransomware.
  • Make sure your backups are secure – do not connect your backups to computers or networks that they are backing up.
  • Do NOT enable macros – You should never download PDF, Word or Excel files attached to unsolicited emails to begin with. If you do open one of these documents and it says that you need to turn on macros, close the file and delete it immediately.
  • Never open risky links in emails – don’t open attachments from unsolicited emails, it could be a phishing scam. Ransomware can infect your gadget through malicious links found in phishing emails. Can you spot one? Take our phishing IQ test to find out.
  • Have strong security software – this will help prevent the installation of ransomware on your gadget.

Backing up your critical data is an important safety precaution in the fight against ransomware. We recommend using our sponsor, IDrive. You can backup all your PCs, Macs and mobile devices into ONE account for one low cost! Click here to receive a special discount of 50 percent.

More stories you can’t miss:

5 password mistakes that will likely get you hacked

3 steps to virus-proof your computer

Secret keyloggers hiding in top-selling laptops!

Stop robocalls for good with Kim’s new eBook

Robocalls interrupt us constantly and scam Americans out of millions of dollars every year. Learn Kim's best tricks for stopping annoying robocalls in this handy guide.

Get the eBook