“I want to play a game…” Jigsaw, a Bitcoin Ransomware with the face of Billy the Puppet, deletes files if you don’t give in to the demands. Where the movie fandom can lead: A group of hackers have written a Saw-inspired program to get people rid of their Bitcoin.
The group has launched a ransomware worldwide attack on private computer networks. With a certain sense of irony, they named the Ransomware after the villain at Saw – the insane mass murderer Jigsaw. This Bitcoin Ransomware stands out from its predecessors in terms of meanness: the malware blackmails its victims by deleting files until you respond to the blackmail.
So you have the choice: either you lose your Bitcoin revolution – or your data
If a Jigsaw Bitcoin revolution Ransomware computer is infected, the victim has 24 hours to pay for and against a ransom of 20-200 dollars in Bitcoin revolution. After 24 hours, the malware starts deleting files every hour. With every hour there are more files, which increases the pressure even more. Finally, after 72 hours, all remaining files are deleted.
If you think you have to try any tricks, Jigsaw warns you urgently: “Try something funny and we’ll punish it with delete”. So the reboot of the computer leads to a penalty of 1000 deleted files.
Solution for Bitcoin revolution victims of Ransomware
However, if the computer has already been infected, there are fortunately solutions available. People from Bleeping Coputer have released a decryption solution with a step-by-step guide on how to remove this malware from your Bitcoin revolution.
According to the website, 200 different file extensions are attacked – which depends on the version of the malware. After an infection, Jigsaw will create a list of encrypted files and write a Bitcoin Wallet address into the system files.
The ransomware will also write something to the autostart, so that jigsaw will be opened on login. The Ransomware can be deleted after decrypting the files with a decrypter available in English and Portuguese.
To do this, proceed as follows: Firefox.exe and drpbx.exe are terminated in the task manager and firefox.exe is switched off during the start process. Then the Jigsaw decrypter will be launched to decrypt the drive C.
This should regain power over the computer without having to pay the blackmailers Bitcoin.
Fortunately, Jigsaw is not as invulnerable as some other Ransomware developments and can be quickly deleted without damage to the files.
Of course, the best protection is prevention and so you should look twice at what files you actually open from the net.
A good antivirus and antimalware program up to date and mentioned preventive behavior on the Internet or when reading the mails should be enough to prevent worse.