Question
Issue: How to Recover Files Encrypted by Jaff Ransomware?
Hello, today my files were encrypted by a malicious computer virus called Jaff ransomware. It has corrupted all files and added .sVn file extensions to them. I heard that there is a decrypter for earlier versions of this ransomware, the ones that were using .wlu or .jaff file extensions. Is there any way to decrypt .sVn files for free?
Solved Answer
Jaff ransomware virus is a malicious computer program that is rapidly distributed with a help of Necurs botnet. Currently, there are three versions of the ransomware, and each of them adds different file extensions and uses different names for the ransom notes:
- .jaff file extension virus used to drop ReadMe.txt, ReadMe.html and ReadMe.bmp file;
- .wlu file extension virus dropped these files: README_TO_DECRYPTI.txt, README_TO_DECRYPTl.bmp, README_TO_DECRYPT.html;
- .sVn file extension virus uses the following names for the ransom notes: !!!!README_FOR_SAVE FILES.txt and !!!SAVE YOUR FILES.bmp. The latest variants leave !!!!!SAVE YOUR FILES!!!!.txt and !!!SAVE YOUR FILES!.bmp files.
While some security researchers believed that it might be a variant of Locky ransomware, others proved them wrong. In fact, the virus seemed to be extremely dangerous and sophisticated, although experts from Kaspersky proved that it is only the appearance of the virus that was scary. Jaff decryption tool is available, and it works for all versions of the virus, including .jaff, .wlu, and .sVn variants. If your files were encrypted, you must complete some tasks in a specific order if you want to recover your data and continue using it successfully.
Step 1. Remove Jaff ransomware completely
- Before you try to decrypt your files, remove the ransomware so that it could not interfere with the decryption process.
- Reboot your PC into Safe Mode (see a guide on how to do it here) and launch anti-spyware software such as Reimage. Scan the system with it.
- Remove detected malware and related components.
Step 2. Restore .jaff, .wlu, .sVn file extension files
Method 1. Recover your files using RakhniDecryptor
- Download RahkniDecryptor from official Kaspersky website.
- Check if the decryptor’s version is 1.21.2.1 (or higher).
- Click Start scan and then choose the folder that contains files you want to decrypt.
- The decryptor should ask you to select a ransom note. Find it, select it and click Open.
- Wait until the decryptor restores all files from your selected folder.
- Repeat 3-5 step with every folder that contained important files.
In case you were infected with an updated version of the Jaff malware, the decryptor might now work. In such case, try one of the following techniques:
Method 2. Run a scan with Data Recovery Pro
- Install Data Recovery Pro according to information provided by its installer.
- Launch it and scan the system to detect files that can be recovered.
- Restore them.
Method 3. Use Volume Shadow Copies
Volume Shadow Copies can be used in case the computer virus leaves them on the system after encrypting all files. The majority of such malicious programs delete these copies so that the victim couldn’t recover encrypted files without paying the ransom. We have already provided a comprehensive guide on how to restore files using Shadow Volume Copies.
Recover files and other system components automatically
To recover your files and other system components, you can use free guides by ugetfix.com experts. However, if you feel that you are not experienced enough to implement the whole recovery process yourself, we recommend using recovery solutions listed below. We have tested each of these programs and their effectiveness for you, so all you need to do is to let these tools do all the work.
Access geo-restricted video content with a VPN
Private Internet Access is a VPN that can prevent your Internet Service Provider, the government, and third-parties from tracking your online and allow you to stay completely anonymous. The software provides dedicated servers for torrenting and streaming, ensuring optimal performance and not slowing you down. You can also bypass geo-restrictions and view such services as Netflix, BBC, Disney+, and other popular streaming services without limitations, regardless of where you are.
Don’t pay ransomware authors – use alternative data recovery options
Malware attacks, particularly ransomware, are by far the biggest danger to your pictures, videos, work, or school files. Since cybercriminals use a robust encryption algorithm to lock data, it can no longer be used until a ransom in bitcoin is paid. Instead of paying hackers, you should first try to use alternative recovery methods that could help you to retrieve at least some portion of the lost data. Otherwise, you could also lose your money, along with the files. One of the best tools that could restore at least some of the encrypted files – Data Recovery Pro.