
Jaff Ransomware Shares Backend Infrastructure With Darknet Marketplace Selling Stolen Financial Data

Not too long ago, we touched upon the Jaff ransomware. This particular type of malware demands a two-Bitcoin payment from its victims, which is quite a steep price right now. However, it appears there is a lot more to this malicious tool than first assumed. Further research reveals that a new strain of Jaff has direct ties to an underground marketplace selling stolen bank accounts and credit cards.

Jaff Ransomware Is More Dangerous Than Assumed At First

Heimdal Security researchers have made a rather disturbing discovery where the Jaff ransomware is concerned. A newer version of this malware shares its backend infrastructure with a Darknet forum where criminals can buy and sell bank accounts and stolen credit cards. This is quite troubling, to say the least, as it goes to show there is a lot more to Jaff than people first assumed. This particular marketplace is home to tens of thousands of compromised bank accounts, credit cards, and other types of financial information.

Most people should be well aware that a ransomware attack is no longer just about encrypting files. While encryption is the common component across all types of ransomware, these malicious tools are often used to steal information from the victim’s computer as well. In the case of Jaff, it appears harvesting information about the victim is a big part of how it operates. This is a common tactic among cybercriminals, as the harvested information can be worth quite a lot of money to the right people.

Even though Jaff has not been around all that long, researchers have already expressed their concern over the ransomware, particularly where the distribution campaign is concerned: the developers use large-scale email campaigns to distribute a PDF attachment. Once the user downloads the attachment and opens it, they will see a Microsoft Word document asking for specific macro permissions. Granting these permissions results in the ransomware payload being downloaded in the background.
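The delivery chain described above (PDF attachment, then a Word document that asks for macros) can be checked for at the mail gateway. The following is an added example, not code from the article or from the researchers it cites; it assumes the Word document travels inside the PDF as an embedded stream, and the function names and the sample file are constructed for illustration.

```python
import io, re, zipfile, zlib

# PDF name objects worth a second look in an unsolicited attachment.
# Limitation: names obfuscated with #xx hex escapes are not normalised here.
RISKY_NAMES = (b"/EmbeddedFile", b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch")
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc container
VBA_DIR = "_VBA_PROJECT".encode("utf-16-le")      # OLE storage that holds macros
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)

def streams(pdf):
    """Yield each PDF stream body, inflated when it is Flate-compressed."""
    for m in STREAM_RE.finditer(pdf):
        raw = m.group(1)
        try:
            yield zlib.decompressobj().decompress(raw)  # tolerates the trailing EOL
        except zlib.error:
            yield raw                                   # not Flate data: keep as-is

def has_macros(blob):
    """True if blob is an Office document that carries a VBA project."""
    if blob.startswith(OLE_MAGIC):
        return VBA_DIR in blob
    if blob.startswith(b"PK"):                          # OOXML (.docm) is a ZIP
        try:
            with zipfile.ZipFile(io.BytesIO(blob)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def triage(pdf):
    """Summarise why a PDF attachment should or should not be quarantined."""
    names = [n.decode() for n in RISKY_NAMES
             if re.search(re.escape(n) + rb"(?![A-Za-z0-9])", pdf)]
    macro_docs = sum(1 for s in streams(pdf) if has_macros(s))
    return {"risky_names": names, "macro_documents": macro_docs,
            "quarantine": macro_docs > 0}

def constructed_sample(with_macro):
    """Build a minimal PDF-like byte string (constructed test data, inert)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    body = zlib.compress(buf.getvalue())
    return (b"%PDF-1.5\n1 0 obj\n<< /Type /EmbeddedFile /Filter /FlateDecode >>\n"
            b"stream\n" + body + b"\nendstream\nendobj\n%%EOF\n")
```

A PDF that carries a macro-enabled Office document is rarely legitimate in inbound mail, so the `quarantine` flag is keyed to that finding alone; the risky names are reported as supporting context.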


It is evident there is much more to this new ransomware strain than originally assumed. Now that we know multiple iterations of this malicious software exist, the question is what other versions of Jaff may be capable of. It is possible all versions share the data harvesting trait. After all, a tool that harvests bank accounts and credit cards and sends that information directly to a darknet marketplace where it is sold is quite ingenious.

For the time being, security researchers are still in the process of gathering additional data about Jaff to see exactly how all of its tools work. It is also possible this ransomware shares quite a few similarities with Dridex, Locky, and other malicious software using the Necurs botnet for distribution. It is unclear what this means for the link to the darknet marketplace in question, though. There is a lot more to the entire ransomware ecosystem than we know right now, and it is kind of scary to think of what researchers may uncover over the coming months.

Moreover, it appears Jaff and all of the other malicious tools potentially linked to it mainly target victims in the US, Germany, Spain, and France. On the darknet marketplace, buyers can find targets with the “most potential,” which is a very strange feature. It also appears this stolen information is used to gain access to cash, which is then turned into Bitcoin and other cryptocurrencies. This entire investigation won’t give Bitcoin a good name by any means, that much is evident.


JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
