
HKCERT Advice: Beware of Spam Emails Spreading Jaff Ransomware

Release Date: 17 May 2017

Although the WannaCry ransomware attacks on computer users appear to have come to a halt, with no new incident reported today (17 May 2017), the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council urged the public to remain vigilant. Since the outbreak of the attack on 13 May 2017, HKCERT has received 31 incident reports on the WannaCry ransomware.


Meanwhile, another ransomware, Jaff, is becoming active. The malware is being spread through massive spam campaigns. The subject of the spam email follows a certain pattern: a single word, which could be “Copy”, “Document”, “Scan”, “File”, “PDF”, etc., followed by a random number (e.g. Copy_12345). Another subject format merely uses “Scanned Image”. As of today, HKCERT has received one incident report.


The email attachment is a PDF file containing an embedded Microsoft Word document. Users have to open the PDF file, and then open the Word document as instructed. Once the document is open, they are asked to enable editing. Doing so executes the macro, which downloads and installs the malware on the victim’s computer.


The ransomware will encrypt the victim’s files on the computer and demand a ransom of 2 Bitcoins, equivalent to HK$28,000.


To tackle the Jaff ransomware attack, HKCERT advises Internet users to back up data regularly and keep an offline copy of the backup, and to stay alert to suspicious emails and attachments. The macro feature of Microsoft Office should be turned off. In addition, users are advised to keep the system updated with security patches and install security software.
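For mail administrators, the subject pattern and the PDF-with-embedded-document attachment described above can be combined into one triage check; the following Python function is an added example, not HKCERT tooling. It assumes the underscore separator seen in the advisory's "Copy_12345" example, matches only the subject words the advisory names, and searches raw PDF bytes for `/EmbeddedFile`, a heuristic that misses markers stored in compressed object streams. The sample messages and PDF stubs are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Words named in the advisory; its "etc." means this list is not exhaustive.
SUBJECT_RE = re.compile(r"^(?:Copy|Document|Scan|File|PDF)_\d+$|^Scanned Image$", re.I)
EMBED_MARKER = b"/EmbeddedFile"  # also matches the /EmbeddedFiles name tree

def triage(raw: bytes) -> dict:
    """Classify one raw RFC 5322 message as pass / review / quarantine."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject_match = bool(SUBJECT_RE.match((msg["Subject"] or "").strip()))
    embedded = False
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        # Trust the magic bytes first; fall back to the declared file name.
        if data.startswith(b"%PDF-") or name.endswith(".pdf"):
            embedded = embedded or EMBED_MARKER in data
    if subject_match and embedded:
        verdict = "quarantine"   # both indicators from the advisory
    elif subject_match or embedded:
        verdict = "review"       # one indicator: hold for an analyst
    else:
        verdict = "pass"
    return {"subject_match": subject_match,
            "pdf_with_embedded_file": embedded, "verdict": verdict}

# Constructed PDF stubs (not valid documents, just enough bytes for the check).
PDF_EMBED = b"%PDF-1.5\n1 0 obj\n<< /Type /EmbeddedFile >>\nendobj\n%%EOF"
PDF_PLAIN = b"%PDF-1.5\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF"

def sample(subject: str, attachment=None) -> bytes:
    """Build a constructed test message with an optional PDF attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.com", subject
    m.set_content("Please see attached.")
    if attachment:
        name, data = attachment
        m.add_attachment(data, maintype="application", subtype="pdf", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, att in [("Copy_12345", ("nm.pdf", PDF_EMBED)),
                      ("Scanned Image", ("scan.pdf", PDF_PLAIN)),
                      ("Quarterly report", ("report.pdf", PDF_PLAIN))]:
        print(subj, "->", triage(sample(subj, att))["verdict"])
```

A "review" verdict is deliberate for single-indicator hits, since legitimate PDFs also carry embedded files and scanners produce similar subjects.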


For incident reporting or enquiries, please contact the HKCERT hotline at tel: (852) 8105 6060, or email: [email protected].