Jaff Ransomware

What is Jaff Ransomware?

Jaff Ransomware is a troublesome malicious application: it not only encrypts the user’s private data, but also changes the desktop wallpaper, places numerous copies of its ransom notes, and auto-starts with the operating system to keep reminding the user of its presence. Despite all the attackers’ attempts to convince you to pay the ransom, we would advise you not to give in and not to risk losing your money. One Bitcoin might not seem like a huge amount of money if you do not know what it is worth. Currently, 1 BTC is around 2200 US dollars, and the malware’s creators might ask for up to 2 BTC. If you would rather not risk losing such an amount of money, we advise you to pay no attention to the hackers’ demands and erase Jaff Ransomware without hesitation. To help our readers complete this task, our specialists at Anti-spyware-101.com prepared the manual removal instructions placed below.

Where does Jaff Ransomware come from?

It appears that Jaff Ransomware is distributed through spam email campaigns. The subject of such emails could be Copy_[random numbers], Document_[random numbers], Scan_[random numbers], File_[random numbers], PDF_[random numbers], and so on, for example, Document_7521592. As for the attached file, it could be a PDF document with a random name, e.g. nm.pdf. To infect the computer, the user needs to open such a file, and it immediately downloads the malware. Clearly, if you wish to avoid similar threats, you should be extra cautious with suspicious emails. It is wiser not to open attachments that are sent without any explanation or come from an unknown sender. To make sure they are secure, you should first scan them with a reliable antimalware tool.

How does Jaff Ransomware work?

Our computer security specialists say the malware uses both RSA and AES encryption algorithms to lock the user’s private data. Depending on the malicious program’s version, it can append the .jaff or .wlu extension to each encrypted file. Besides, different Jaff Ransomware variants might drop either ReadMe.txt, ReadMe.html, and ReadMe.bmp or README_TO_DECRYPTl.txt, README_TO_DECRYPT.html, and README_TO_DECRYPTl.bmp files. It seems the infection creates these files and changes the user’s Desktop image as soon as it is done with the encryption process. The mentioned .txt and .html files could appear in all the directories that contain locked files.

What’s more, these .html and .txt files should include the same message from Jaff Ransomware’s developers. In it, they claim the infection damaged all the user’s files and urge the user to install the Tor browser and load the provided link. Our researchers accessed the ransomware’s website and found out what information it provides. Apparently, the site contains detailed instructions on how to purchase Bitcoins and transfer the requested sum into the hackers’ account. Needless to say, cyber criminals cannot be trusted, and if you decide to give in to their demands, you could end up being scammed. Therefore, we advise users not to risk their savings and to get rid of the malicious program immediately. Afterward, you could restore data with copies from removable media devices or try specialized recovery tools.

How to erase Jaff Ransomware?

It is entirely possible the malicious application might still be running in the background even if you close its displayed ransom note. Thus, if you wish to erase it manually, you should end its process through the Task Manager. The instructions located below will not only guide you through this process but also tell you how to find and remove all data belonging to Jaff Ransomware. We should mention there is a more effortless way to deal with the malware if you are willing to get a legitimate antimalware tool. Then you would only need to set the chosen tool to scan the system and click the deletion button after the scanning is over.

Eliminate Jaff Ransomware

  1. Press Ctrl+Alt+Delete combination.
  2. Access the Task Manager and go to Processes.
  3. Check if there are any suspicious processes running that could be related to the malware.
  4. Select the infection’s process and press End Task.
  5. Leave the Task Manager.
  6. Press Windows key+E to launch the File Explorer.
  7. Go to Desktop, Temporary Files, Downloads, or other folders where the threat’s installer could have been downloaded.
  8. Select the suspicious file and press Shift+Delete.
  9. Search for these directories:
    %ALLUSERSPROFILE%\Application Data
  10. Locate folders called Rondo and press Shift+Delete to erase them.
  11. Then use Shift+Delete combination to remove all ransom notes.
  12. Exit the Explorer.
  13. Restart the PC.
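
Steps 9 to 11 can be turned into an inventory of what has to be reviewed before anything is deleted. The script below is an added example, not a tool from Anti-spyware-101.com; the function name, the report keys, and the rule that a note only counts as confirmed when its folder also holds a .jaff or .wlu file are assumptions built on the file names listed in this article.

```python
import os
import sys

# Indicators named in the article above.
LOCKED_EXTENSIONS = (".jaff", ".wlu")
NOTE_NAMES = {name.lower() for name in (
    "ReadMe.txt", "ReadMe.html", "ReadMe.bmp",
    "README_TO_DECRYPTl.txt", "README_TO_DECRYPT.html", "README_TO_DECRYPTl.bmp",
)}
DROP_FOLDER = "rondo"


def scan_for_jaff_artifacts(root):
    """Walk `root` and list paths that match the article's indicators.

    ReadMe.txt is also a common legitimate file name, so a note is listed
    under 'ransom_notes' only when its directory also holds a locked file.
    Other name matches go to 'unconfirmed_notes' for manual review.
    """
    report = {"locked_files": [], "ransom_notes": [],
              "unconfirmed_notes": [], "rondo_dirs": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if d.lower() == DROP_FOLDER:
                report["rondo_dirs"].append(os.path.join(dirpath, d))
        locked = [f for f in filenames if f.lower().endswith(LOCKED_EXTENSIONS)]
        notes = [f for f in filenames if f.lower() in NOTE_NAMES]
        report["locked_files"] += [os.path.join(dirpath, f) for f in locked]
        bucket = "ransom_notes" if locked else "unconfirmed_notes"
        report[bucket] += [os.path.join(dirpath, f) for f in notes]
    return {kind: sorted(paths) for kind, paths in report.items()}


if __name__ == "__main__":
    # Read-only: prints findings and deletes nothing.
    start = sys.argv[1] if len(sys.argv) > 1 else "."
    for kind, paths in scan_for_jaff_artifacts(start).items():
        for path in paths:
            print(f"{kind}\t{path}")
```

Keep the locked_files list: those files are the encrypted data, not part of the malware, and are what any later recovery attempt would work from.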
