(Solved)-How To Remove JAFF Ransomware and Decrypt Files

Posted by Mike Lorase
May 12, 2017

JAFF is file-encrypting malicious software that encrypts all your personal documents using an RSA-2048 key (AES CBC 256-bit encryption algorithm), appends the .JAFF extension to the encrypted files and renames them as follows: [8_random_characters]-[4_random_characters]-[4_random_characters]-[4_random_characters]-[12_random_characters].JAFF. The JAFF ransomware then displays a message offering to decrypt the data if a payment is made in Bitcoin. Its creators seem to be inspired by the Japanese manga “DeathNote” as well as the animation series. There is also a shady Facebook group named JAFF which engages in cyber security activities. According to its profile description, it consists entirely of teenagers who provide guidance on how to detect cyber intrusions and how to hack into other devices. Needless to say, we have found no evidence that relates the JAFF ransomware to the JAFF Facebook group. If your computer is compromised by the JAFF file-encoder virus, you should not worry.

JAFF ransomware has been found using the RIJNDAEL cipher to encode certain types of data, which is less complicated than the AES or RSA ciphers. The ransomware developers try to play big, as they demand 0.5 BTC (currently equivalent to 864.98 USD) to provide the data decryption key. However, its decryption key is available for free. First, though, you should gather the necessary information so that your computer does not get infected with JAFF ransomware in the future. If the payment is not made within 96 hours, the ransom will double. Unfortunately, your computer is infected with the Locky ransomware. The main goal of ransomware is to scare you into giving your money to the cybercriminals who created this malware. Please keep in mind that there is absolutely no guarantee that paying them will remove the virus and release the hostage computer. By paying, you also support the attackers. This will not only motivate them to attack more people, but also to create even more sophisticated and hard-to-remove ransomware viruses.


Step 1 – Uninstall Jaff Ransomware and all malware from Control Panel.

1. Press “Windows key + R key” together to open Run window:

 

2. Input “control panel” in Run window and hit Enter key to open Control Panel:

3. Click Uninstall a program:

4. Right-click Jaff Ransomware or other unwanted programs and click Uninstall:

Step 2 – Remove adware connected to Jaff Ransomware from Chrome, Firefox, IE and Microsoft Edge.

On Chrome: Launch Google Chrome > click the Chrome menu > click Tools > click Extensions > select suspicious and unwanted extensions > click the trash bin.

On Firefox: Open Firefox, navigate to the browser menu in the top right > select Add-ons > select suspicious and unwanted extensions and add-ons > remove them with the Disable or Remove button.

On IE: Open Internet Explorer > click Tools > click Manage Add-ons > Toolbars and Extensions > select suspicious and unwanted extensions and add-ons > click the Remove or Disable button.

On Microsoft Edge: (Reset the default homepage and search engine to remove viruses associated with Jaff Ransomware)

Reset Edge homepage: Click More (…) > click Settings > select A specific page or pages under “Open with” > select Custom to type your favorite website.

Reset Edge search engine: Click More (…) > click Settings > click View advanced settings > click <Add new> under “Search in the address bar with” > type your favorite search engine > click Add as default.

Step 3 – Delete malicious files of Jaff Ransomware from Registry.

1. Press “Windows key + R key” together to open the Run window, then input “regedit” in the Run window and hit the Enter key to open the Registry Editor:

2. Locate and remove the registry entries created by Jaff Ransomware and other threats, as below:

HKLM\SOFTWARE\Classes\AppID\<random>.exe
HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Main\Start Page Redirect="http://<random>.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\virus name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\<Jaff Ransomware>.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 'Random'
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Random
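
A read-only way to review the per-user values from Step 3 before deleting anything by hand in regedit, given here as an added PowerShell example that is not part of the original post. The helper name Test-SuspectData and its flagging rule (data that resolves into %AppData%, %LocalAppData% or %Temp%) are assumptions made for this example.

```powershell
# Added example: lists the HKCU values named in Step 3 and flags data that
# points into a user-writable profile folder. It changes nothing in the registry.

$targets = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';         Pattern = '*' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Pattern = 'Shell' },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main';             Pattern = 'Start Page*' }
)

# Assumption: anything launched from these folders deserves a manual look.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

function Test-SuspectData {
    param([string]$Data)
    # Expand %AppData%-style variables so expandable and literal paths compare alike.
    $expanded = [Environment]::ExpandEnvironmentVariables($Data)
    foreach ($dir in $userWritable) {
        if ($expanded.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

$report = foreach ($t in $targets) {
    # A missing key is normal on many systems; skip it quietly.
    if (-not (Test-Path -LiteralPath $t.Path)) { continue }
    $key = Get-Item -LiteralPath $t.Path
    foreach ($name in $key.GetValueNames()) {
        if ($name -notlike $t.Pattern) { continue }
        # Read the raw data so a %AppData% reference is shown as stored.
        $data = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        [pscustomobject]@{
            Key     = $t.Path
            Name    = $name
            Data    = $data
            Suspect = Test-SuspectData $data
        }
    }
}

# Flagged rows first; every row is still shown for manual review.
$report | Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap
```

A flagged row is a prompt for review, not proof of infection, since legitimate per-user software also starts from these folders.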

 

JAFF ransomware is a well-known as well as newly designed Trojan virus that carries malicious code and hidden programs which can easily be executed once it is installed on the targeted system. It mostly infiltrates Windows-based systems, no matter which version you are using. It has been designed in such a way that it can easily affect Windows 10, Windows 8, 7, Vista, XP, etc. without the user’s consent.

 
