Jigsaw Ransomware: ‘Pay or I will delete all your files.’

Apr 21, 2016 360TS


‘I want to play a game with you.’

If you have seen the horror movie Saw, the line ‘I want to play a game with you.’ must have left an impression on you. But have you ever imagined that this threat could happen in real life?

A menacing new ransomware named Jigsaw, also known as BitcoinBlackmailer.exe, is in the wild. This malware threatens to delete victims’ files if they do not pay a $150 or 0.4 Bitcoin ransom within one hour. If infected, users will see Billy the puppet from Saw on the screen with an extortion message, and their files will be locked.

More than 240 types of files are targeted

Jigsaw not only features the horrifying puppet image but also sets a tight deadline for the ransom payment. In addition to displaying a countdown clock that shows the remaining time, this malware increases the pressure on victims with multiple warnings. Failing to pay the ransom within 60 minutes leads to the deletion of one file. Another hour of delay causes two files to be erased. As time passes, the number of files deleted increases exponentially.

According to security researchers, the list of targeted file types includes more than 240 different file extensions. Jigsaw first scans users’ drives for files with these extensions and encrypts them. Then it adds a .FUN, .KKK, .GWS or .BTC extension to the filename.
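For triage on a suspect machine, the appended extensions listed above can be used as an indicator. The script below is an added example, not part of the original article or the researchers' tool. It walks a directory tree read-only and summarizes files that carry one of the four extensions on top of an original extension; the function names and the use of modification time as a rough estimate of when encryption started are assumptions of this example.

```python
import os
from collections import Counter
from datetime import datetime, timezone

# Extensions the article says Jigsaw appends to encrypted files.
JIGSAW_MARKERS = {".fun", ".kkk", ".gws", ".btc"}

def find_marked_files(root):
    """Yield (path, original_name, marker, mtime) for files like report.docx.fun."""
    # onerror: skip unreadable directories instead of aborting the triage run
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            stem, marker = os.path.splitext(name)
            if marker.lower() not in JIGSAW_MARKERS:
                continue
            # Jigsaw picks files by extension and then appends its own, so a
            # real hit still carries the original extension under the marker.
            if not os.path.splitext(stem)[1]:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; keep scanning
            yield path, stem, marker.lower(), mtime

def summarize(root):
    """Count hits per appended extension and per original file type."""
    hits = list(find_marked_files(root))
    summary = {
        "count": len(hits),
        "by_marker": dict(Counter(h[2] for h in hits)),
        "by_original_type": dict(
            Counter(os.path.splitext(h[1])[1].lower() for h in hits)),
        "earliest_mtime": None,
    }
    if hits:
        # Assumption: the oldest mtime approximates when encryption began.
        first = min(h[3] for h in hits)
        summary["earliest_mtime"] = datetime.fromtimestamp(
            first, timezone.utc).isoformat()
    return summary

if __name__ == "__main__":
    import json, sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    print(json.dumps(summarize(target), indent=2))
```

Run it against a user profile or file share path; a non-zero count with many original file types is a strong sign that the extension list above applies to that machine.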


Decryption tool released by security researchers

So far, the impact of Jigsaw remains unknown. However, it has been shown that a victim may be infected through a fake Firefox browser download file. Fortunately, a tool to decrypt and recover files has been developed. Security researchers Michael Gillespie, Lawrence Abrams and other computer experts from MalwareHunterTeam analyzed this malware and found that it uses the AES algorithm for encryption. With this information, they built a decryption tool that can generate keys to unlock encrypted files. They urged users already hit by Jigsaw to download this tool as soon as possible, because the author of Jigsaw may be irritated and patch the malware. After a successful decryption, users are also encouraged to run an antivirus program to conduct a thorough scan for infections.