Hacker's Playbook Updated with JAFF Ransomware Methods
SafeBreach Labs has updated the Hacker's Playbook™ with simulations for JAFF Ransomware. Customers can use these simulations to safely test their security controls against the specific tactics and techniques used in this campaign.
The JAFF ransomware is distributed via the Necurs Botnet, which uses spam email to deliver a malicious .PDF file. Opening this file launches a Microsoft Word document that contains a malicious macro, which downloads the actual JAFF ransomware, resulting in data encryption.
To assess security control effectiveness against JAFF, the SafeBreach Continuous Security Validation Platform specifically tests the following endpoint and network security controls:
Playbook #1301 - Initial download via HTTP/S
Playbook #1302 - Writing malware to disk
Playbook #1303 - Writing malware to disk
Playbook #1304 - Transfer via HTTP/S
In addition to these JAFF-specific methods, customers can test security control effectiveness against other malware distributed via the Necurs Botnet, such as Locky and Dridex, with the existing playbook methods: #275, #310, #358, #578, #710, and #954.
The SafeBreach Hacker's Playbook™ of breach methods simulates these breach scenarios, and thousands more, without impacting users or infrastructure. Breach methods are constantly updated by SafeBreach Labs, our team of offensive security researchers, to help keep customers ahead of attacks.
To search, view or list the contents of a specific playbook ID within the SafeBreach Platform, please follow this support KB article.