Threat Database Ransomware Jigsaw Ransomware

Jigsaw Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 4,359
Threat Level: 100 % (High)
Infected Computers: 4,669
First Seen: April 12, 2016
Last Seen: September 19, 2023
OS(es) Affected: Windows

The Jigsaw Ransomware is a ransomware Trojan that threatens to delete the computer users' files if they don't pay the ransom or if the victims reboot the infected computers. Unfortunately, the Jigsaw Ransomware does follow up on its threat to delete the victim's files. Fortunately for computer users, a decryption utility for the Jigsaw Ransomware and some of its variants is freely available, meaning that computer users may not be forced to pay the Jigsaw Ransomware ransom to regain access to their files. However, victims of the Jigsaw Ransomware should not reboot their computers if they have been infected with this threat.

The Jigsaw that will not Entertain You

The Jigsaw Ransomware was detected by PC security analysts recently. The Jigsaw Ransomware threatens to delete the victim's files if the ransom is not paid within a specific time frame. Unlike many other threats, however, the Jigsaw Ransomware also prevents the victim from rebooting the infected computer, threatening to delete the victim's files if this happens. Currently, it is unknown how the Jigsaw Ransomware may enter the victim's computer. Once the Jigsaw Ransomware is launched, it targets 226 different file extensions. Like most ransomware Trojans, the Jigsaw Ransomware uses an AES encryption algorithm to encrypt these files, adding the file extension FUN to the end of each encrypted file. Once the Jigsaw Ransomware has encrypted the victim's files, the Jigsaw Ransomware displays a ransom note. The Jigsaw Ransomware and its variants are well-characterized because they use a picture of the iconic villain from the Saw movie franchise in their ransom note. This is the main reason for this ransomware's name. Apart from using this character, they also are characterized by their use of an attack that involves deleting a file every hour and every time the Jigsaw Ransomware executable file starts up.

Dealing with the Jigsaw Ransomware

The Jigsaw Ransomware demands the payment of 0.4 BitCoin, which at current exchange rates averages to about $160 USD. Unfortunately, the Jigsaw Ransomware is designed to force computer users to act quickly. The Jigsaw Ransomware threatens to delete some of the files permanently every hour that the ransom is not paid. Unfortunately, the Jigsaw Ransomware follows up on its threats and deletes files every hour and, every time the infected PC is rebooted, the Jigsaw Ransomware will delete an additional one thousand files! However, unlike many other ransomware Trojans out there, the Jigsaw Ransomware can be decrypted without having to pay the ransom. PC security analysts recommend taking the described steps to remove the Jigsaw Ransomware:

  1. The first thing that you'll need to do to deal with the Jigsaw Ransomware is to stop it's memory processes. This will ensure that the Jigsaw Ransomware does not continue to operate in the background, which may interfere with your attempts to close it or delete additional files. To do this, go to the Windows Task Manager and look for the file process firefox.exe and drpbx.exe (it is obvious that the names of these executable files are meant to confuse computer users into believing that they belong to Firefox and Dropbox).
  2. Once you've identified the file processes related to the Jigsaw Ransomware, stop them completely by ending the process in the Task Manager.
  3. Download the JigsawDecrypter utility, available through reputable security websites, unzip the archive file, and launch it. Follow the instructions contained in this decryption utility to recover your files and remove the Jigsaw Ransomware from your computer entirely.
  4. Use a reliable security program that is fully up-to-date to ensure that both the Jigsaw Ransomware and any other threats that may have been involved in delivering this threat to your computer have been removed from your computer completely.
  5. Once you have recovered from the Jigsaw Ransomware infection, malware researchers strongly recommend taking steps to ensure that your computer is fully protected from additional threats. Malware analysts advise updating any security protocols to ensure that no spam email attachments or another suspicious content are accessed on the infected computer. A strong firewall, anti-spam filter, and security software are also good ways of preventing the Jigsaw Ransomware and other infections from entering your computer in the future.

SpyHunter Detects & Remove Jigsaw Ransomware

File System Details

Jigsaw Ransomware may create the following file(s):
# File Name MD5 Detections
1. drpbx.exe 3cad3391255a1142c5f0724fcf8cca35 2
2. firefox.exe 6c92e26b1c25a7a453fe61ca9c0d07f1 2
3. firefox.exe 33fcc8abbc885083646a4079903971bb 2
4. file.exe e62917bbe39c6363005881fa8f9c4af8 0
5. file.exe 163811311d2ed56d0ac56cb1ad158a26 0
6. file.exe cd38cdcb4beafe23d450ace1d1179d92 0

Registry Details

Jigsaw Ransomware may create the following registry entry or registry entries:
Regexp file mask


Jigsaw Ransomware may create the following directory or directories:

%LOCALAPPDATA%\Google (x86)
%appdata%\google (x86)

Related Posts


Most Viewed