Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Ransomware 'Jaff' Spotted; Malware Groups Pushing 5M Emails Per Hour To Circulate It (theregister.co.uk)

Posted by msmash on from the new-ransomware-in-town dept.

An anonymous reader writes: The Necurs botnet has been harnessed to fling a new strain of ransomware dubbed "Jaff". Jaff spreads in a similar way to the infamous file-encrypting malware Locky and even uses the same payment site template, but is nonetheless a different monster. Attached to dangerous emails is an infectious PDF containing an embedded DOCM file with a malicious macro script. This script will then download and execute the Jaff ransomware. Locky -- like Jaff -- also used the Necurs botnet and a booby-trapped PDF, security firm Malwarebytes notes. "This is where the comparison ends, since the code base is different as well as the ransom itself," said Jerome Segura, a security researcher at Malwarebytes. "Jaff asks for an astounding 2 BTC, which is about $3,700 at the time of writing." Proofpoint reckons Jaff may be the work of the same cybercriminals behind Locky, Dridex and Bart (other nasty malware) but this remains unconfirmed. And Forcepoint Security Labs reports that malicious emails carrying Jaff are being cranked out at a rate of 5 million an hour on Thursday, or 13 million in total at the time it wrote up a blog post about the new threat.

3 of 58 comments (clear)

  1. And, This is Why... by CAOgdin · · Score: 4, Insightful

    ...I have 100% backups of every computer on my LAN, every night, stored to an external drive, one of three that I rotate among. The backups are automatic, concluded by shutting down the computer from which the backup was just copies to disk, every night. I have about a weeks' worth of backups on each disk, for each computer on the LAN, so I have about three weeks' worth of backups on hand. Rolling back is easy, and takes less than an hour.

    I'll never understand how technologists--who claim they are professionals--can leave their own or others' computers unprotected by backups, automatically made ('cause if they're not automatic, they'll never get made).

    Sure, anti-virus and malware detection is important, but my backups are the final defense against miscreants like those who create these malicious invasion methodologies.

    1. Re:And, This is Why... by silverhalide · · Score: 3, Insightful

      Ok, but why? Backing up individual PCs is a waste of time and resources in the high-speed network era.

      Train your users that it's 2017, workstations are disposable and may disappear at any given moment. If their shit isn't saved on the network NAS or in $CloudDriveProvider, it doesn't exist. Restoring should be just re-imaging a computer and signing back into relevant accounts.

      Windows has had seamless server file storage redirection for years, so you don't even really have to train them, just redirect My Documents and Desktop to the fileserver.

      Ditch MS office already. It's 2017 and there is absolutely no excuse for these types of vulnerabilities anymore. It doesn't do anything useful that Google Docs does, unless you consider spreading malware useful.

    2. Re:And, This is Why... by Zenin · · Score: 4, Insightful

      1) A LOT of workstations include not just data, but a lot of specific configuration. That's especially true of those used in the medical field where they're used to control equipment, but it's also very true for any user more advanced than an office drone. Simply re-imaging them won't get them anywhere remotely close to a functional state.

      2) Simply saving to network/cloud drive won't save you from ransomware; They'll simply encrypt every NAS/cloud storage the user has access to. Often it can greatly exacerbate the problem because if/when a server attached to that NAS gets infected...it can encrypt the entire company's data at a much, much faster rate than local PCs and doesn't need to infect all those individual machines or wait for them to be powered on. Cloud storage is even worse in this regard, because access keys can be jacked and the storage reached externally by bot clusters.

      Also, NAS is dead...long live hybrid solutions. Panzura, StorSimple, etc. Still, it requires massively upgraded networks, both LAN and WAN connectivity, to adequately replace local storage with remote for hundreds or thousands of users.

      A much more legitimate response would be something like AWS WorkSpaces, but again local machine controllers often won't be able to use those solutions.

      3) Who the hell uses My Documents? Despite MS pushing it for ages, real world usage shows almost everyone (especially non-power users) saving everything to their desktop.

      4) Ditch MS Office, haha that's funny. Clearly, you don't work in any company larger than a few dozen employees.

      --
      My /. uid is better then your /. uid