JAFF Ransomware Protection
Symantec has observed the Necurs botnet sending out the JAFF Ransomware in its latest attacks. We have seen high volume counts of these attacks being blocked since May 11th in the .Cloud infrastructure. The emails observed contain subject and body content related to a recent scan, copy, document or invoice. The emails also contain a malicious PDF attachment.
The PDF is crafted so that once opened the end user will be asked to open the embedded doc file. This embedded doc file contains malicious macros inside of it, that if executed will download and install the JAFF Ransomware.
Symantec Endpoint and .Cloud Products are blocking these emails as: · Trojan.Pidief · Trojan.Mdropper · W97M.Downloader
The JAFF payload is being detected as:
· Ransom.Enciphered
-
Email Security.cloud
- Americas
- Japan
- Europe, Middle East & Africa
- Asia Pacific
Find Your Subscription
We’ll find your subscription and send you a link to login to manage your preferences.
Check Your Inbox
We’ve found your existing subscription and have emailed you a secure link to manage your preferences.
Subscribe to Status Updates
We’ll use your email to save your preferences so you can update them later.
-
Email{{ value }}
-
Text Message{{ value }}
-
Slack
-
Microsoft Teams{{ value }}
-
Google Chat
Subscribe to other services using the bell icon on the subscribe button on the status page.
Unsubscribe Completely?
You’ll no long receive any status updates from Broadcom Service Status, are you sure?
{{ error }}
You’re Unsubscribed!
We’ll no longer send you any status updates about Broadcom Service Status.