Case subject – A zero-day Jaff (WLU extension)
Jaff ransomware has seen some updates lately and we selected the newest variant for today’s exercise.
At the time of the recording, the detection rate on virustotal is 18/60. Jaff is distributed through email SPAM campaigns that trick users into opening malicious attachments. A common example is the claim that the email contains an invoice, but the victim actually opens a malicious document that downloads and executes the ransomware payload.
This variant takes some time before it starts encrypting files, testing for various environmental parameters. After the encryption process starts, TEMASOFT Ranstop detects the ransomware within seconds. The alert is fired up in the notification dialog, while the file recovery and cleanup processes run in the background.
TEMASOFT Ranstop successfully stopped this zero-day ransomware and recovered the damaged files.
About TEMASOFT Ranstop
TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.
For more information, follow us on social media and subscribe to our newsletter.