07 Jun

In a new twist, Jaff ransomware linked to dark web forum owners

Posted in Deep Web

 

It’s well-known in cybersecurity circles that those behind various forms of malware often sell the data they steal on the dark web, the sometimes shady sites reachable only through specialized software. Now, in an interesting twist, a dark web forum may be behind a recently launched new form of malware, according to newly published research.

The claim comes from Andra Zaharia, a security evangelist at Heimdal Security, who writes that researchers at the company have discovered that Jaff shares server space with a cybercrime dark web store that provides access to tens of thousands of compromised bank accounts.

“Banks from all over the world are listed,” Zaharia said. “Other types of user accounts that include financial data are available as well. Unsuspecting Internet users who have shopped online at Apple, Bed, Bath & Beyond, Barnes & Noble, Best Buy, Booking.com, Asos.com and many other e-commerce portals can become victims of cyber fraud or other types of malicious activity.”

The Jaff ransomware first appeared in early May around the same time WannaCry first appeared, if not with the same mainstream media attention. Jaff is far closer in type to a previous form of ransomware called Locky that ran riot in 2016 and even uses the same payment site template, though there are some differences, including the use of infected PDF files with an embedded “DOCM” file that contains a malicious macro script. Once through the door of a victim’s computer, Jaff encrypts files and demands a ransom of 2 bitcoin, which equals about $5,130.

According to Zaharia, the Russians are actually to blame. The server behind Jaff and the related dark web marketplace was traced to St. Petersburg.

“By combining these informational assets, cybercriminals are engaging in both the long game, required to monetize stolen card data, and in quick wins, such as targeted ransomware attacks, whose simpler business model yields a fast return on investment,” Zaharia added.

Source: This article was published on siliconangle.com by Duncan Riley

 
