Jigsaw crypto-ransomware deletes more files the longer you delay paying

Malware researchers have released a tool that can decrypt files affected by the new threat

Understanding how to buy bitcoins and pay ransomware authors for decryption keys is hard enough, yet some cybercriminals now expect their victims to do it in under an hour if they want all of their files back.

A new ransomware program dubbed Jigsaw encrypts users' files and then begins to progressively delete them until the victim pays the equivalent of US$150 in Bitcoin cryptocurrency.

The ransomware deletes one file after the first hour has passed and then increases the number of files it deletes in every 60-minute cycle. If no payment has been made within 72 hours, all remaining files will be deleted.

"Try anything funny and the computer has several safety measures to delete your files," the program's creators warn in their ransom message that's accompanied by a picture of the Jigsaw killer's mask from the horror film series Saw.

That's not an idle threat. According to computer experts from tech support forum BleepingComputer.com, the ransomware program deletes 1,000 files every time the computer or its own process is restarted.


The ransom note displayed by the Jigsaw ransomware program.

"This is the first time that we have seen these types of threats actually being carried out by a ransomware infection," said BleepingComputer.com founder Lawrence Abrams in a blog post.

The good news, for now, is that malware experts have devised a method to decrypt files affected by Jigsaw without paying the ransom.

The first thing that users affected by this ransomware program should do is to open the Windows Task Manager and terminate all processes named firefox.exe or drpbx.exe that were created by the ransomware, Abrams said. Then they should launch the Windows MSConfig utility and disable the startup entry that points to %UserProfile%\AppData\Roaming\Frfx\firefox.exe.

This will stop the file deletion process and will prevent the malware from restarting when the system boots up.

They can then download the Jigsaw Decrypter utility hosted by BleepingComputer.com and decrypt their files. When that's done it's highly recommended that users download an up-to-date anti-malware program and perform a full scan of their computer to completely remove the ransomware.
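
The process and startup checks described above, as an added PowerShell example that is not from the article or BleepingComputer. It assumes a genuine Firefox install runs from Program Files; the `Test-Suspect` helper is a name introduced here, while the process names and the Frfx path are the ones the article gives.

```powershell
# Added triage example. Process names and the Frfx path come from the article;
# the Program Files allow-list is an assumption about where real Firefox lives.
$names   = 'firefox.exe', 'drpbx.exe'
$trusted = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

function Test-Suspect($proc) {
    # No readable image path (access denied): flag it for manual review.
    if (-not $proc.ExecutablePath) { return $true }
    foreach ($root in $trusted) {
        $prefix = $root.TrimEnd('\') + '\'
        if ($proc.ExecutablePath.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
            return $false   # running from Program Files: treated as legitimate
        }
    }
    return $true
}

# 1. Running processes with the names the article lists, outside Program Files.
$suspects = Get-CimInstance Win32_Process |
    Where-Object { $names -contains $_.Name -and (Test-Suspect $_) }
$suspects | Select-Object ProcessId, Name, ExecutablePath | Format-Table -AutoSize

# 2. Startup entries that point at the Frfx copy of firefox.exe. The match is
#    on the path tail so it works whether or not %UserProfile% is expanded.
$autoruns = Get-CimInstance Win32_StartupCommand |
    Where-Object { $_.Command -like '*\AppData\Roaming\Frfx\firefox.exe*' }
$autoruns | Select-Object Name, Command, Location, User | Format-List

# 3. Review the table from step 1 first. -WhatIf only reports what would be
#    stopped; remove it to actually terminate the listed processes.
$suspects | ForEach-Object { Stop-Process -Id $_.ProcessId -Force -WhatIf }
```

The `Location` value reported in step 2 shows where the startup entry is registered, which is the item to disable in MSConfig. Disable it before any reboot, since the article notes that each restart of the ransomware's process triggers further deletions.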

In November, another ransomware program dubbed Chimera threatened to leak users' files on the Internet. However, no evidence has been found that the program actually had the capability to do this.

By comparison, Jigsaw does deliver on its threats and marks a worrisome evolution of ransomware threats. While security experts managed to find a method to decrypt files this time, there's no guarantee that they'll be able to do the same for future versions. Ransomware creators are typically quick to fix their errors.

Lucian Constantin

IDG News Service