Ransomware threats have undoubtedly shaken up the malware landscape as we know it. As new and aggressive ransomware threats emerge, some variants experiment with other actions, such as the Jigsaw Ransomware threat, which deletes files on infected computers instead of only performing the traditional encryption activities.
The relatively new malware threat known as Jigsaw Ransomware launches a payload that targets 226 different file types, encrypts them with an AES algorithm and adds the .fun extension to the end of every encrypted file. More surprisingly, Jigsaw Ransomware can delete files one by one as it pressures computer users to pay a ransom fee of 0.4 Bitcoins ($160) to obtain a decryption key.
Ransomware creators are becoming audacious in their approach to collecting ransom fees. With the release of Jigsaw Ransomware, their urgency and forcefulness are apparent: the ransom notification clearly states that files will be deleted if the fee is not paid in time.
Computer security experts from @MalwareHunterTeam found that the threat of Jigsaw Ransomware deleting files is legitimate. In fact, Jigsaw Ransomware will delete up to 1,000 files after every PC reboot, which may eventually leave a system useless and unable to boot in some circumstances. If the Jigsaw Ransomware is left to run, the notification it displays will perform a countdown and start deleting files until you make the ransom payment.
Probably the only good thing to come out of the new Jigsaw Ransomware threat is that malware analyst Michael Gillespie discovered a method to decrypt files that were encrypted by Jigsaw Ransomware without paying the ransom fee. Gillespie explains that to decrypt files locked by Jigsaw Ransomware you must stop the ransomware's process, open the Task Manager, find the firefox.exe and drpbx.exe processes and shut those down as well. After all three processes have been stopped, you can obtain the JigSawDecrypter application and launch it to start decrypting your files.
Computer users must also note that Jigsaw Ransomware itself must be removed once the files are decrypted; otherwise they run the risk of the files being encrypted again and potentially deleted upon a system reboot.
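A check to run before launching the decrypter, written as an added example that is not part of the original article or of Gillespie's tool: it counts files carrying the .fun extension and confirms that no process named firefox.exe or drpbx.exe is still listed. The function names and the sample data are assumptions made for illustration, and the process list is expected in the format printed by `tasklist /fo csv /nh`.

```python
import csv
import io
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".fun"                        # extension named in the article
PROCESS_NAMES = {"firefox.exe", "drpbx.exe"}  # process names named in the article


def find_encrypted(root):
    """Return sorted paths under root whose names end in .fun (any case)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [Path(dirpath) / n for n in files if n.lower().endswith(ENCRYPTED_EXT)]
    return sorted(hits)


def flagged_processes(tasklist_csv):
    """Parse `tasklist /fo csv /nh` text; return (image, pid) for names in PROCESS_NAMES."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return [(r[0], int(r[1])) for r in rows
            if len(r) >= 2 and r[0].lower() in PROCESS_NAMES and r[1].isdigit()]


def precheck(root, tasklist_csv):
    """Summarise whether the host is ready for the decrypter to be run."""
    encrypted = find_encrypted(root)
    running = flagged_processes(tasklist_csv)
    return {"encrypted": len(encrypted), "running": running,
            "ready": bool(encrypted) and not running}


# Constructed sample of `tasklist /fo csv /nh` output (not captured from a real host).
SAMPLE_TASKLIST = (
    '"explorer.exe","2140","Console","1","61,204 K"\n'
    '"firefox.exe","4321","Console","1","45,120 K"\n'
    '"drpbx.exe","4388","Console","1","12,008 K"\n'
)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:   # constructed file tree
        for name in ("report.docx.fun", "photo.JPG.FUN", "notes.txt"):
            Path(tmp, name).write_bytes(b"")
        print(precheck(tmp, SAMPLE_TASKLIST))    # processes still running
        print(precheck(tmp, '"explorer.exe","2140","Console","1","61,204 K"\n'))
```

The Mozilla Firefox browser also runs under the image name firefox.exe, so a match on that name should be confirmed against the executable's location before the process is ended.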
We are not surprised to discover a new ransomware threat that has evolved to the point of now deleting files on top of the already destructive action of encrypting files. In the near future we expect additional functions to be added onto new ransomware threats as they have naturally proven to be the most aggressive, destructive and lucrative form of computer malware that we have ever seen.
What computer users can do now to help prevent their systems from being infected by ransomware is to exercise caution when downloading or opening email attachments, as spam email remains the primary method of spreading ransomware threats. Moreover, it is essential to back up your hard drive, so you have a method of restoring your files in the dire case that your system succumbs to ransomware like Jigsaw Ransomware and your files are encrypted or deleted.