Ranstop stops zero-day Jaff variant – TEMASOFT Lab Demo

Case subject – A zero-day Jaff (WLU extension)

Jaff ransomware has seen some updates lately and we selected the newest variant for today’s exercise.
At the time of the recording, the detection rate on virustotal is 18/60. Jaff is distributed through email SPAM campaigns that trick users into opening malicious attachments. A common example is the claim that the email contains an invoice, but the victim actually opens a malicious document that downloads and executes the ransomware payload.

Case facts

This variant takes some time before it starts encrypting files, testing for various environmental parameters. After the encryption process starts, TEMASOFT Ranstop detects the ransomware within seconds. The alert is fired up in the notification dialog, while the file recovery and cleanup processes run in the background.

Case Conclusion

TEMASOFT Ranstop successfully stopped this zero-day ransomware and recovered the damaged files.

Click here to watch TEMASOFT Ranstop in action (video)!

Virustotal details for the payload;

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.