What is Jigsaw ransomware and how to get rid of it?

Jigsaw is a new Trojan-ransomware that not only encrypts files, but also gives the victim an effective incentive not to delay with the ransom payment. To do this it removes the documents from the hard drive one after another until the ransom is paid. However, there is no guarantees that it will stop removing documents and decrypt them after paying the ransom. Therefore, it is highly recommended to not support the cyber criminals and in any circumstance do not pay the ransom.

Once launched, the jigsaw ransomware searches for files on the hard drives of the computer. It is looking for 226 different types of files and encrypts them using the AES algorithm, and also renames, adding the extension .fun (can be renamed to other extensions such as .gws, .kkk and .btc). When all of the victim’s files are encrypted, the malware displays a portrait of the jigsaw doll from the movie “Saw”. In addition to the portrait there will be attached a note threatening and demanding ransom. Usually the demanded ransom amount is 0.4 BTC (around $180 at current exchange rate). In that case, if the victim refuses to pay the ransom within 1 hour after the infection, Jigsaw will remove one of the encrypted files. After that, with each passing hour it will be removing more and more files. It is not recommended to shut down or restart the computer, once you do that, a thousand files will be removed immediately.

To avoid the infection with Jigsaw ransomware we recommend to avoid visiting dubious website, open spam email attachments or click on suspicious pop-up ads. Also, never download and install freeware programs from unofficial websites, because most of the times they contain bundled malicious programs. During the installation it is highly recommended to read the user’s agreement and opt for custom installation, to be able to unselect optional installs. Keep your system with the latest updates and also do not forget to update your antivirus software on daily basis.

Malware experts Michael Gillespie, Lawrence Abrams and a group of hackers MalwareHunterTeam have developed a program JigSawDecrypter, which decrypts the encryption of Jigsaw. Before its launch, you must manually stop the following processes: firefox.exe and drpbx.exe (these names are usually disguised Trojan processes). If the program didn’t work for you, there are few other options. First of all, you can try to restore your system to previous date, however you will need to get rid of the Jigsaw Trojan first, otherwise it will infect the system once again. To remove Jigsaw Trojan we recommend to download our automatic removal tool and scan your computer for threats, it will do all the removal job for you. Another way is to restore from the backup.