The new family of Jaff ransomware was discovered by Brad Duncan (a security researcher) that has a new design for the ransom note and a new WLU extension for encrypted files. Same to the first variant of Jaff ransomeware, this new version continues to be spread through spam campaigns that use malicious documents to download infect computer with ransomware.
In past, Jaff ransomware was adding the .jaff extension to the encrypted files and requesting around 2 Bitcoin for the payment. The infection vector was .PDF files sent as attachments in spam emails.
But now the ransomware appends the .wlu extension to the encrypted files and uses a new note with green fonts on a dark background. The researcher also said that the ransomware creators ask for a 0.35630347 Bitcoin for the payment now.
The new Jaff ransomware attack is being spread through messages that appear to be invoices. Victims receive emails with subjects like such as Copy of Invoice 99483713 or Invoice(58-0710), and they include an evil PDF attachment.
Unfortunately, there is no any decryption tool to decrypt .wlu files that encrypted by the Jaff Ransomware. Read this article to know how to fight against ransomware.
Ref: Latest Hacking News