A group of online hackers is using their sense of humor – and an indisputable love for the Saw movie series – to rob people of their Bitcoin.
The group has launched a notorious ransomware attack on personal and private computer networks all across the world. Amusingly, the ransomware is named after the antagonist of the Saw series – the trike-riding menace known as Jigsaw.
According to the available reports, this bitcoin ransomware beats even its predecessors in terms of intimidation. The malware creates a sense of urgency among victims by deleting files until the ransom demand is met. Victims can therefore either submit to the blackmail or lose their precious data to a digital villain.
It happens like this: once a computer is infected by the Jigsaw Bitcoin ransomware, the victim gets 24 hours to think through various scenarios and make up his/her mind about paying the ransom, which ranges anywhere between $20 and $200 in bitcoin. Once 24 hours have passed, the timer reportedly kicks in and starts deleting files with each passing hour. To make matters worse, the number of targeted files keeps mounting with time. Once the 72-hour mark is passed, any remaining files on the affected computer get wiped clean.
Got any ideas to circumvent the ransomware? Jigsaw discourages the user from doing so with a nice little warning which says “Try anything funny and the computer has several safety measures to delete your files”. Attempts to reboot the computer will lead to the deletion of about 1000 files as a penalty.
BUT THERE IS A SOLUTION
If your computer is infected by Jigsaw ransomware, fret not, for there is a solution available. The peeps from Bleeping Computer have come up with a decryption solution along with step-by-step instructions to recover the computer from the infection. According to their website, the ransomware targets about 200 different file extension types, depending upon the malware’s version.
Once a computer is infected, Jigsaw creates a list of encrypted files and adds a bitcoin wallet address into the system files. The ransomware also adds an entry to the autorun feature, enabling it to run each time the user logs into the system. Currently available in two versions – English and Portuguese – the ransomware can be removed after decrypting the files with the Jigsaw decrypter, which is available for download.
To do that, the user would first disable the firefox.exe and drpbx.exe processes in the Task Manager, and disable firefox.exe from executing during startup. Once done, run the Jigsaw decrypter to decrypt the C drive. This should help solve the issue without having to pay the ones responsible for infecting the computer.
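Before disabling anything in Task Manager, it helps to see where those two process names actually run from, since firefox.exe is also the name of a real browser. The read-only PowerShell check below is an added example, not part of the Bleeping Computer instructions; it assumes the autorun entry sits in one of the standard Windows Run keys, which the article does not specify.

```powershell
# Added example: read-only triage for the two process names given in the article.
# Assumption: the autorun entry lives in a standard Run key (the article does not say where).
$names   = @('firefox.exe', 'drpbx.exe')
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-SuspectProcess {
    # Running processes with a matching image name, with path and signature status
    # so a genuine, signed browser can be told apart from an impostor.
    Get-CimInstance Win32_Process |
        Where-Object { $names -contains $_.Name } |
        ForEach-Object {
            $sig = if ($_.ExecutablePath) {
                (Get-AuthenticodeSignature -FilePath $_.ExecutablePath).Status
            } else {
                'PathUnavailable'   # usually means the check needs an elevated prompt
            }
            [pscustomobject]@{
                ProcessId = $_.ProcessId
                Name      = $_.Name
                Path      = $_.ExecutablePath
                Signature = $sig
            }
        }
}

function Get-SuspectAutorun {
    # Run-key values whose command line mentions either file name.
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $providerProps -notcontains $_.Name }
        foreach ($p in $props) {
            foreach ($n in $names) {
                if ("$($p.Value)" -like "*$n*") {
                    [pscustomobject]@{ Key = $key; ValueName = $p.Name; Command = $p.Value }
                }
            }
        }
    }
}

Get-SuspectProcess | Format-Table -AutoSize
Get-SuspectAutorun | Format-List
```

A firefox.exe that is unsigned or runs from outside the browser's normal install folder is the one to disable; the script itself changes nothing.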
Thankfully, Jigsaw is not as invulnerable as some of its counterparts, and it can be easily removed without causing much harm to the files. However, all this trouble can be prevented if users take some extra care while using the internet. A good antivirus and antimalware program with the latest updates, along with a few best practices when it comes to browsing and checking emails, should do the trick.
Ref: GEEK | Bleeping Computer | Webtekno