Error: no file object

Jaff, the frightful blackmailer, is disenchanted

The security team at Kaspersky has meanwhile found a vulnerability in the code of the Ransomware Jaff. With one on 15.05. published decryption tool, affected victims can decrypt their data again.

Decryption tool RakhniDecryptor

As reported in the Internet since May 2017 a new ransom trojan called Jaff encrypts the files found on Windows systems and pretends to allow decryption only against cash payments.

The security team of Kaspersky has already disenchanted with the release of a free decryption tool. The development of the decryption tool, which has been baptized in the name of RakhniDecryptor, was discovered by an attentive Kaspersky expert.
Where exactly the program code has its archilles heirs, is currently not published by Kaspersky.

So if you do not have backups of your files and do not want to pay a ransom, which would be naive anyway, the tool is available here for free download.

RakhniDecryptor in the current version should be able to crack all Jaff versions in circulation. Specifically, here we speak of encrypted files with the suffixes .jaff, .wlu and .svn.

Once the victims have unpacked and started the program using an archive program (e.g., 7zip), the scan process is initiated by clicking on "Start Scan". Then the path to one of the encrypted files and the blackmail message must be selected.
In addition, you can determine which hard disks and network shares should be included in the scan.
In addition, you have the option to immediately delete the encrypted files after decryption. This is deactivated by default, which also makes sense. If the decryption is error-prone or fails for another reason, the files with the option activated would be permanently lost.

Better in this case is the application of the CryptoSearch tool on Windows. With this tool, you can find encrypted files scattered over the hard disks and store them in a directory. Kaspersky also offers more detailed information about how to use its decryption tool.