New ransomware outbreak spreads to Hong Kong: HKCERT

In the wake of the global WannaCry ransomware outbreak, Hong Kong's Computer Emergency Response Team Co-ordination Centre (HKCERTNew ransomware outbreak spreads to Hong Kong: HKCERT) has warned that another ransomware is active in Hong Kong.

HKCERT said it has received 31 incident reports involving the WannaCry ransomware since the campaign over the weekend, but the attack seems to have come to a halt with no new incident reported on Wednesday.

But even with the WannaCry outbreak being detained, a new ransomware has been found making the rounds. HKCERT said it has received one report of a Jaff ransomware attack in Hong Kong.

Jaff is being propagated through massive spam campaigns, with the subject lines of the malicious emails often containing a single word (such as  “Copy”, “Document”, “Scan”, “File” or “PDF”) followed by a random number. Other carrier emails have the subject line “Scanned Image.”

The emails are being used to propagate a PDF file containing an infected embedded Microsoft Word document. Victims are instructed to open the PDF file, then open the Word document as instructed. Once the document is open users are requested to enable editing, which executes the macro feature to download and install ransomware onto the victim's computer.

The Jaff ransomware will encrypt an infected computer's files and demand victims pay a ransom of 2 Bitcoins, worth around HK$28,000.         

HKCERT is urging internet users to regularly backup their data and keep an offline copy of this backup, disable the macro feature of Microsoft Office and stay vigilant of suspicious emails and attachments.

Users have also been advised to keep their computers updated with security patches and install security software.