New Jigsaw Ransomware Encrypting and Deleting Files to Force Ransom Payment

With the advent of ransomware, the security of data and computer files has become pivotal. To gain undue advantage, one more nasty ransomware that encrypts files has emerged and joined the existing list. Since its release, Jigsaw Ransomware has been creating turmoil in the cyber world by encrypting files and holding them hostage. Its operators pressure victims to pay a ransom of approximately US$160 or 0.4 Bitcoins. Moreover, users are given a short time frame to pay this amount if they do not want their files deleted. This is all the more shocking for users and creates a sense of urgency to pay the ransom. The threat is stated clearly in the ransom note that accompanies the encrypted files, and it has been found to be true: Jigsaw Ransomware has deleted more than 1000 files after every reboot.

It is known to launch a payload that can target as many as 226 different file types, encrypting them with an AES algorithm and renaming them with a .fun extension. In other words, every encrypted file ends in .fun. Even if users attempt to change or rename the extension, it will not be possible to do so. The files thus become completely inaccessible.

The ransomware works on a 60-minute cycle, deleting one file per hour. More files may be deleted each time this cycle lapses without payment. More concerning still, if the ransom payment is delayed beyond 72 hours, all the files will be deleted, if reports are to be believed. This warning comes from the creators of Jigsaw Ransomware, along with an image of the mask of the Jigsaw killer from the popular Saw series of horror movies. BleepingComputer.com describes this as the first instance of a ransomware actually carrying out such a threat.

Reference: http://www.bleepingcomputer.com/news/security/jigsaw-ransomware-decrypted-will-delete-your-files-until-you-pay-the-ransom/

As a major respite, there is a method to decrypt files that have been locked and encrypted by Jigsaw Ransomware, without coughing up a hefty ransom to the hackers. Isn't that great news? It will definitely ease the tension to a great extent.

However, the instructions below need to be followed carefully, as this manual task requires a little computing skill. Users need to open Windows Task Manager and look for processes named firefox.exe or drpbx.exe. Once found, they must be terminated as soon as possible. These are the files that Jigsaw Ransomware creates on the computer. Users then need to launch the Windows MSConfig utility and disable all startup entries that point to

%UserProfile%\AppData\Roaming\Frfx\firefox.exe.

Once done, this will prevent the malicious process from running every time the compromised PC boots up. It will also prevent the ransomware from deleting further files. Further

http://www.arnnet.com.au/article/597804/jigsaw-crypto-ransomware-deletes-more-files-longer-delay-paying/
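
The manual checks described above (Task Manager for firefox.exe or drpbx.exe, then the startup entry under Frfx) can be gathered in one read-only PowerShell pass. This is an added example, not code from the original article or its sources; the helper name `Get-PathVerdict` and the choice to search only the user profile for .fun files are assumptions.

```powershell
# Added example: read-only triage for the indicators named in the article.
# Nothing is terminated, disabled or deleted; the script only reports.

$procNames   = @('firefox.exe', 'drpbx.exe')   # process names from the article
$articlePath = Join-Path $env:USERPROFILE 'AppData\Roaming\Frfx\firefox.exe'  # path from the article

# Hypothetical helper: a genuine Firefox install also runs as firefox.exe,
# so the image path, not the process name, is what separates the two.
function Get-PathVerdict([string]$Path) {
    if (-not $Path) { return 'path unreadable, rerun elevated' }
    if ($Path -eq $articlePath) { return 'matches article path' }   # -eq ignores case
    'name match only, review path'
}

# 1. Running processes that carry one of the article's names.
$processes = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $procNames -contains $_.Name } |
    ForEach-Object {
        [pscustomobject]@{
            Kind    = 'Process'
            Id      = $_.ProcessId
            Item    = $_.ExecutablePath
            Verdict = Get-PathVerdict $_.ExecutablePath
        }
    }

# 2. Startup entries (Run keys and Startup folders) that launch the article's path.
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object {
        $cmd = [Environment]::ExpandEnvironmentVariables($_.Command)
        $cmd.IndexOf($articlePath, [StringComparison]::OrdinalIgnoreCase) -ge 0
    } |
    ForEach-Object {
        [pscustomobject]@{
            Kind    = 'Startup'
            Id      = $_.Location
            Item    = $_.Command
            Verdict = 'matches article path'
        }
    }

# 3. Scope of damage: files already renamed to .fun under the user profile.
#    -Filter can also match longer extensions, so compare Extension exactly.
$funFiles = Get-ChildItem -Path $env:USERPROFILE -Recurse -File -Filter '*.fun' -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.fun' }

@($processes) + @($startup) | Format-Table -AutoSize -Wrap
'{0} file(s) with the .fun extension under {1}' -f @($funFiles).Count, $env:USERPROFILE
```

A "name match only" verdict for firefox.exe usually means the real browser; only rows that match the article's path, or any drpbx.exe row, need the manual steps above.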