1 of 6
Danger level 8
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Jaff Ransomware

Jaff Ransomware is a malicious threat that marks its encrypted files with .jaff extension. Compared to other infections from the same category, the ransomware does not appear to be extremely harmful. It targets only private files while data belonging to the operating system or other software on the computer should remain unaffected. Also, the malware does not lock the screen; making its deletion less complicated. However, erasing Jaff Ransomware manually is still not an easy task as there are quite a few steps you would have to complete. If you think you can handle it, we encourage you to have a look at the instructions located below the text. The malicious application can be erased with antimalware software too, so do not hesitate to use it if removing the threat manually appears to be too difficult. Lastly, we recommend reading the rest of the text as it could help you learn more about the infection and perhaps even avoid dangerous programs alike in the future.

Our specialists learned the application is being distributed quite actively through Spam emails. Apparently, the malware’s launcher is an infected PDF file that downloads and executes Jaff Ransomware once you open it. The malicious PDF file could be titled Copy_{random numbers}, Document_{random numbers}, Scan_{random numbers}, PDF_{random numbers}, and so on. Therefore, users may open it while thinking it is a simple text file, an important document, etc. No matter what the title says, we would advise you to always take a moment before opening an email attachment. Before launching it, you should make sure it comes from a reliable source. If the file raises any suspicion at all, you should not take any chances and scan the attachment with a reliable antimalware tool right away.

What happens if you do not realize the file is malicious? After opening it, Jaff Ransomware might settle in the system by creating folders titled as Rondo in %ALLUSERSPROFILE% and %ALLUSERSPROFILE%\Application Data directories. Afterward the infection should look for targeted data and start encrypting it. According to our researchers, the malware is only after the user’s personal files, for example, videos, photos, images, text files, etc. The malicious application might lock such data with RSA and AES encryption algorithms. During this process, the threat is supposed to create a unique encryption key that together with a decryption tool could be used to restore files. The problem is this key is stored not on your PC, but on the cyber criminals’ server. In other words, it is impossible to obtain it.

Jaff Ransomware might say otherwise as they can try to convince you they would give the key to you if you pay a ransom. Since there are no guarantee the hackers will keep up to their promises, we always advise against paying the ransom. This case is not an exception, especially when the infection’s creators are demanding for a huge sum. It was reported that they ask from one to two Bitcoins. At the moment of writing one BTC is approximately 2.480 US dollars. It is not a sum most of the users would be willing to risk with, especially when there are no reassurances and no refunds. If you do not think it is a good idea either, we encourage you to eliminate the malware.

As we already said in the first paragraph, there are a few steps to complete if you wish to eliminate the malware manually. Firstly, you should check if the malicious application is still running and kill its process if it is. Then, it is necessary to locate data belonging to the threat and erase it according to the instructions placed below the text. A simpler way to get rid of Jaff Ransomware is to perform a system scan with a trustworthy antimalware tool. In such case, you would need to wait a bit till the system is checked and then you could simply click the removal button. No matter what solution you choose, if there is anything else we could help with, try to write a comment below or reach us through social media.

Get rid of Jaff Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Select Task Manager.
  3. Click the Processes tab.
  4. See if you can find a malicious process belonging to the ransomware.
  5. Mark this process and press End Task to kill it.
  6. Exit Task Manager.
  7. Tap Windows key+E.
  8. Find the file you opened right before the malware appeared; it could have been saved on Desktop, Temporary Files, Downloads, etc.
  9. Right-click this malicious file and press Delete.
  10. Go to these locations:
    %ALLUSERSPROFILE%\Application Data
  11. Find folders titled as Rondo and delete them.
  12. Close the Explorer.
  13. Empty the Recycle bin.
  14. Reboot the system.
Download Spyware Removal Tool to Remove* Jaff Ransomware
  • Quick & tested solution for Jaff Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.