Errors in Jaff and EncrypTile Ransomware Exploited to Crack Crypto on Demand
Victims of Jaff and EncrypTile ransomware can take advantage of two new free tools from security firms that exploit weaknesses in the malware crypto to forcibly crack encrypted files on demand – no potential ransom-payment required.
Moscow-based Kaspersky Labs has released a free decryptor for Jaff ransomware, while Prague-based Avast has released a free decryption tool for EncrypTile ransomware.
Both firms urge victims to first disinfect their PCs using security software before attempting to download and run any decryptors.
The Jaff decryptor was built thanks to Fedor Sinitsyn, a senior malware analyst at Kaspersky Labs, discovering a weakness in the ransomware. The free decryption tool for unlocking files – RakhniDecryptor version 184.108.40.206 – is one of many being distributed via the No More Ransom project, of which Kaspersky Lab is a member.
“We have found a vulnerability in Jaff’s code for all the variants to date,” Sinitsyn tells Information Security Media Group. “Thanks to this, it is now possible to recover users’ files (encrypted with the .jaff, .wlu, or .sVn extensions) for free.”