One particular element that marked Jaff out from other forms of ransomware is that it demands a much higher fee for releasing encrypted files, demanding 1.79 Bitcoins, a figure currently equivalent to almost $4,000, and far more than the $500 to $1000 requested by most ransomware campaigns.
As is the case with many other ransomware campaigns, the payload is delivered via a malicious attachment in a phishing email, which encrypts files once the compromised PDF is opened.
However, now those who find themselves infected with Jaff can decrypt their files for free, no matter which version of the ransomware they've been compromised by.
"We have found a vulnerability in Jaff's code for all the variants to date. Thanks to this, it is now possible to recover users' files (encrypted with the .jaff, .wlu, or .sVn extensions) for free," Kaspersky Lab's Fedor Sinitsyn said.
Victims simply need to download the RakhniDecryptor tool from Kapersky Lab and run it to decrypt all files affected by Jaff, which has mostly infected victims in China, India, Russia, Egypt and Germany.