Jigsaw Ransomware

Jigsaw Ransomware Description

The Jigsaw Ransomware is a ransomware Trojan that threatens to delete the computer users' files if they don't pay the ransom or if the victims reboot the infected computers. Unfortunately, the Jigsaw Ransomware does follow through on its threat to delete the victim's files. Fortunately for computer users, a decryption utility for the Jigsaw Ransomware and some of its variants is freely available, meaning that computer users may not be forced to pay the Jigsaw Ransomware ransom to regain access to their files. However, victims of the Jigsaw Ransomware should not reboot their computers if they have been infected with this threat.

The Jigsaw that will not Entertain You

The Jigsaw Ransomware was detected by PC security analysts recently. The Jigsaw Ransomware threatens to delete the victim's files if the ransom is not paid within a specific time frame. Unlike many other threats, however, the Jigsaw Ransomware also prevents the victim from rebooting the infected computer, threatening to delete the victim's files if this happens. Currently, it is unknown how the Jigsaw Ransomware may enter the victim's computer. Once the Jigsaw Ransomware is launched, it targets 226 different file extensions. Like most ransomware Trojans, the Jigsaw Ransomware uses an AES encryption algorithm to encrypt these files, adding the file extension FUN to the end of each encrypted file. Once the Jigsaw Ransomware has encrypted the victim's files, it displays a ransom note. The Jigsaw Ransomware and its variants are easy to recognize because their ransom note uses a picture of the iconic villain from the Saw movie franchise, which is the main reason for this ransomware's name. They are also characterized by an attack that deletes a file every hour and every time the Jigsaw Ransomware executable file starts up.

Dealing with the Jigsaw Ransomware

The Jigsaw Ransomware demands the payment of 0.4 BitCoin, which at current exchange rates averages to about $160 USD. Unfortunately, the Jigsaw Ransomware is designed to force computer users to act quickly. The Jigsaw Ransomware threatens to delete some of the files permanently every hour that the ransom is not paid. Unfortunately, the Jigsaw Ransomware follows through on its threats and deletes files every hour and, every time the infected PC is rebooted, the Jigsaw Ransomware will delete an additional one thousand files! However, unlike many other ransomware Trojans out there, the Jigsaw Ransomware can be decrypted without having to pay the ransom. PC security analysts recommend taking the following steps to remove the Jigsaw Ransomware:

  1. The first thing that you'll need to do to deal with the Jigsaw Ransomware is to stop its memory processes. This will ensure that the Jigsaw Ransomware does not continue to operate in the background, where it could interfere with your attempts to close it or go on to delete additional files. To do this, go to the Windows Task Manager and look for the processes firefox.exe and drpbx.exe (it is obvious that the names of these executable files are meant to confuse computer users into believing that they belong to Firefox and Dropbox).
  2. Once you've identified the file processes related to the Jigsaw Ransomware, stop them completely by ending the process in the Task Manager.
  3. Download the JigsawDecrypter utility, available through reputable security websites, unzip the archive file, and launch it. Follow the instructions contained in this decryption utility to recover your files and remove the Jigsaw Ransomware from your computer entirely.
  4. Use a reliable security program that is fully up-to-date to ensure that both the Jigsaw Ransomware and any other threats that may have been involved in delivering this threat to your computer have been removed from your computer completely.
  5. Once you have recovered from the Jigsaw Ransomware infection, malware researchers strongly recommend taking steps to ensure that your computer is fully protected from additional threats. Malware analysts advise updating any security protocols to ensure that no spam email attachments or other suspicious content are accessed on the infected computer. A strong firewall, anti-spam filter, and security software are also good ways of preventing the Jigsaw Ransomware and other infections from entering your computer in the future.

Technical Information

File System Details

Jigsaw Ransomware creates the following file(s):

#  File Name                                                   Size       MD5                               Detection Count
1  %SYSTEMDRIVE%\users\volkanoz\appdata\local\drpbx\drpbx.exe  2,079,744  3cad3391255a1142c5f0724fcf8cca35  2
2  %SYSTEMDRIVE%\users\ok\appdata\roaming\frfx\firefox.exe     272,384    6c92e26b1c25a7a453fe61ca9c0d07f1  2
3  file.exe                                                    252,421    e62917bbe39c6363005881fa8f9c4af8  0

Registry Details

Jigsaw Ransomware creates the following registry entry or registry entries:

Directory:
  %APPDATA%\frfx
  %appdata%\google (x86)
  %APPDATA%\System32Work
  %APPDATA%\WIND0WS
  %LOCALAPPDATA%\Google (x86)
  %LOCALAPPDATA%\MICR0SOFT

Regexp file mask:
  %LOCALAPPDATA%\Drpbx\drpbx.exe
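
The process check from steps 1 and 2, tied to the directories listed above, as an added example that is not part of the original article: firefox.exe is also the name of the genuine browser, so the script matches on the image path rather than on the name alone. Expanding the listed locations for the current user and leaving Stop-Process on -WhatIf are assumptions of this example.

```powershell
# Added example, not from the original article. Directory and process names are
# the ones listed on this page; expanding them for the current user is an assumption.
$iocDirs = @(
    "$env:APPDATA\frfx",
    "$env:APPDATA\google (x86)",
    "$env:APPDATA\System32Work",
    "$env:APPDATA\WIND0WS",
    "$env:LOCALAPPDATA\Google (x86)",
    "$env:LOCALAPPDATA\MICR0SOFT",
    "$env:LOCALAPPDATA\Drpbx"
)
$iocNames = @('firefox.exe', 'drpbx.exe')   # process names from step 1

function Test-UnderIocDir {
    param([string]$Path)
    if (-not $Path) { return $false }        # image path is empty for protected processes
    foreach ($dir in $iocDirs) {
        if ($Path.StartsWith("$dir\", [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Win32_Process carries the image path. A browser installed normally does not
# run from these folders, so a name match alone is only a prompt to check the path.
$report = Get-CimInstance -ClassName Win32_Process | ForEach-Object {
    $inDir  = Test-UnderIocDir -Path $_.ExecutablePath
    $byName = $iocNames -contains $_.Name
    if ($inDir -or $byName) {
        [pscustomobject]@{
            ProcessId = $_.ProcessId
            Name      = $_.Name
            Path      = $_.ExecutablePath
            Verdict   = if ($inDir) { 'listed directory' } else { 'name only, verify path' }
        }
    }
}
$report | Format-Table -AutoSize

# Steps 1 and 2: end processes running from a listed directory.
# -WhatIf only previews the action; remove it to actually stop them.
$report | Where-Object { $_.Verdict -eq 'listed directory' } |
    ForEach-Object { Stop-Process -Id $_.ProcessId -Force -WhatIf }

# Which listed directories exist, and how many files carry the FUN extension.
$iocDirs | Where-Object { Test-Path -LiteralPath $_ } | ForEach-Object { "Present: $_" }
$fun = Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Filter '*.fun' -ErrorAction SilentlyContinue
"Files ending in .fun under the user profile: $(@($fun).Count)"
```

Run it from an elevated PowerShell session so that image paths are readable for every process, and do not reboot before the processes are stopped.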
