HKCERT warns about new ransomware spreading via spam emails

The hackers behind the Jaff ransomware demand that users pay two Bitcoins (equivalent to HK$28,000) to get their infected files decrypted.

By Adrian M. Reodique
May 24, 2017

The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council has advised internet users to remain vigilant following the emergence of the new Jaff ransomware. HKCERT has received one incident report on Jaff ransomware.

According to HKCERT, the new malware is being spread through spam e-mail campaigns. The subjects of the e-mails follow a certain pattern: one of the words "Copy", "Document", "Scan", "File", or "PDF", followed by a random number (e.g. Copy_123). Some e-mails merely use "Scanned Image" as the subject.

The e-mail includes a PDF attachment containing an embedded Microsoft Word document. When the user opens the PDF file with Microsoft Word and enables editing, a macro is executed that downloads and installs the malware on the victim's computer.
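The subject pattern and the PDF carrier described above can be combined into a mail-triage check. The following Python is an added example, not HKCERT's code; the function names, verdict labels and sample messages are constructed, and tolerating separators other than "_" between keyword and number is an assumption.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Subject lures reported by HKCERT: a keyword followed by a random number
# (e.g. Copy_123), or just "Scanned Image". Accepting "_", "-", a space or
# no separator is an assumption; the advisory only shows the "_" form.
LURE_SUBJECT = re.compile(
    r"^\s*(?:(?:Copy|Document|Scan|File|PDF)[_\- ]?\d+|Scanned Image)\s*$",
    re.IGNORECASE,
)

def has_pdf_attachment(msg):
    """True if any MIME part is a PDF by content type or file name."""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "application/pdf" or name.endswith(".pdf"):
            return True
    return False

def triage(raw_message):
    """Return 'quarantine', 'review' or 'pass' for one raw e-mail message."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "")  # policy.default decodes RFC 2047 words
    lure = bool(LURE_SUBJECT.match(subject))
    if lure and has_pdf_attachment(msg):
        return "quarantine"  # subject lure together with the PDF carrier
    return "review" if lure else "pass"  # subject alone is a weak signal

def sample_message(subject, with_pdf):
    """Build a constructed test message (not real campaign mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Please see attached.")
    if with_pdf:
        m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                         subtype="pdf", filename="scan.pdf")
    return m.as_string()

if __name__ == "__main__":
    for subj, pdf in [("Copy_123", True), ("Document_5519", False),
                      ("Copy of the Q2 budget", True)]:
        print(f"{subj!r:28} pdf={pdf!s:5} -> {triage(sample_message(subj, pdf))}")
```

A subject match without a PDF is only sent for review, since ordinary scanner and copier notifications use similar subjects.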

The ransomware will then encrypt the files on the computer and demand a ransom of two Bitcoins, equivalent to HK$28,000.

To avoid falling prey to this new malware attack, HKCERT advised the public to stay vigilant of suspicious e-mails and attachments. It also told internet users to regularly back up their data and keep an offline copy of the backup, and to turn off the macro feature of Microsoft Office.

Lastly, HKCERT reminded the public to install security software on their devices and keep the system updated with security patches.