TA505 Gang Is Back With Newly Polished FlawedGrace RAT

The TA505 cybercrime group is whirring its financial rip-off machinery back up, pelting malware at a range of industries in what was initially low-volume waves that researchers saw spiral up late last month. They do bad things, but they’re so tricky that tracking them is a ton of fun, said Sherro...

Exhibition: it-sa Nuremberg

Scroll down for the German version of this post. Since 2009, security professionals, developers, and product providers have shared their ideas and platforms at it-sa, a security exhibition in the Exhibition Centre in Nuremberg, Germany. This year, it-sa featured 629 exhibitors including...

Player 1 Limps Back Into the Ring - Hello again, Locky!

This post was authored by Alex Chiu, Warren Mercer, and Jaeson Schultz. Sean Baird and Matthew Molyett contributed to this post.Back in May, the Necurs spam botnet jettisoned Locky ransomware in favor of the new Jaff ransomware variant. However, earlier this month Kaspersky discovered a...

A week in security (Jun 12 – Jun 18)

Last week was very busy for the Labs, with a look at so-called numeric tech support scams, a visit to the huge Infosec Europe conference, an exploration of Mac Malware as a Service, and a walk through the myths of online bullying. Elsewhere: A huge click-farm is busted Jaff Ransomware is thwarted...

Jaff Ransomware Decryption Tool Released – Don't Pay, Unlock Files for Free

Hit by Jaff Ransomware? Don't pay the Ransom. You can unlock your files for Free! Kaspersky Labs has released an updated version 1.21.2.1 of its free ransomware decryption tool, RakhniDecryptor, which can now also decrypt files locked by the Jaff ransomware. Security researchers at Kaspersky Labs...

Decryption Utility Unlocks Files Encrypted by Jaff Ransomware

A weakness discovered in Jaff ransomware by researchers has led to the creation of decryption keys to unlock files locked by the malware. “We have found a vulnerability in Jaff’s code for all the variants to date. Thanks to this, it is now possible to recover users’ files encrypted with the .jaff...

Hackers Behind Jaff Ransomware Selling Victims’ Data on Dark Web

By Jahanzaib Hassan The dark web marketplaces and undergrown marketplaces are full of vendors selling databases, weapons, illegal drugs and malicious software. Now security researchers have discovered yet another ransomware malware not only selling victims data but also selling them online...

Jaff Malware Probe Uncovers Link to Cybercrime Marketplace

An investigation into a new strain of Jaff ransomware uncovered a shared backend infrastructure between the malware and a black market bazaar selling stolen bank and credit card account information. Researchers at Heimdal Security said the cybercrime marketplace they found appeared mature, offeri...

New Jaff Ransomware Part Of Active Necurs Spam Blitz

A new malware family called Jaff has been identified by researchers who say they are currently tracking multiple massive spam campaigns distributing the malware via the Necurs botnet. “It came out of nowhere with a huge bang,” Cisco Talos researchers said Friday In the last 24 hours, the firm has...

Jaff Ransomware: Player 2 Has Entered The Game

This post was written by Nick Biasini, Edmund Brumaghin and Warren Mercer with contributions from Colin GradySummaryTalos is constantly monitoring the email threat landscape and tracking both new threats as well as changes to existing threats. We recently observed several large scale email...

Botnet Sending 5 Million Emails Per Hour to Spread Jaff Ransomware

A massive malicious email campaign that stems from the Necurs botnet is spreading a new ransomware at the rate of 5 million emails per hour and hitting computers across the globe. Dubbed "Jaff," the new file-encrypting ransomware is very similar to the infamous Locky ransomware in many ways, but ...