Jump to content

jaff ransomware


Recommended Posts

one of my client using eset on 200 PCs with ERAS badly infected by jaff ransomware.

the infection was noticed on a NAS drive which was shared as a drive on few PCs. today all the PCs having the NAS disk drive as a share are down. eset is installed on all computers.

matter urgent & very serious.

any help will be appreciated.

Link to comment
Share on other sites

  • Administrators

It's Filecoder.NLI. We are currently analyzing it and therefore it's impossible to tell now if decryption will be possible or not.

Make sure that:
- the latest version of ESET (v6) is installed on all machines in LAN
- LiveGrid is enabled
- HIPS, Advanced Memory Scanner, Exploit Blocker and Self-defense is enabled
- no dangerous exclusions are set
- all Windows hotfixes are installed

I'd also recommend protecting ESET settings with a password and disabling or at least securing RDP.
 

Link to comment
Share on other sites

  • 3 weeks later...
On 12.5.2017 at 9:11 PM, Marcos said:

It's Filecoder.NLI. We are currently analyzing it and therefore it's impossible to tell now if decryption will be possible or not.

Make sure that:
- the latest version of ESET (v6) is installed on all machines in LAN
- LiveGrid is enabled
- HIPS, Advanced Memory Scanner, Exploit Blocker and Self-defense is enabled
- no dangerous exclusions are set
- all Windows hotfixes are installed

I'd also recommend protecting ESET settings with a password and disabling or at least securing RDP.
 

hello marco,

do you have new informations for us?

1. the virus was download by loading via an spam mail.
2. the mail has a zip-in-zip file without password.
3. why can start users on a ts-server the script.
4. the scanengine has not stop the  download and user-process.

why?

Link to comment
Share on other sites

  • Administrators

Files encrypted by Filecoder.Jaff can be decoded. As for the script, if you have an undetected one, please submit it to ESET as per the instructions linked in my signature. Once a detection has been added, it must be detected and blocked upon access.

Link to comment
Share on other sites

3 hours ago, Marcos said:

Files encrypted by Filecoder.Jaff can be decoded. As for the script, if you have an undetected one, please submit it to ESET as per the instructions linked in my signature. Once a detection has been added, it must be detected and blocked upon access.

Ok, how can i find the tool for decoding???

what file is needed, i have the spam mail with the zip-in-zip file whitch include the script. or is the "virus" needed, i have the files collected via a testmachine in a virtual-pc.and i have grabbed the domain-names the needed by virus

where should i send it all

thx mathze

Edited by mathze
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...