죄송합니다. 이 페이지의 콘텐츠는 선택하신 언어로 제공되지 않습니다.
Jigsaw ransomware

Jigsaw ransomware

Also known as: Jigsaw, Jigsaw Cryptor, BitcoinBlackmailer

Category: Ransomware

Type: Crypto-ransomware (encryptor)

Platform: Windows

Variants: RANSOM_JIGSAW.H, RANSOM_JIGSAW.I, RANSOM_JIGSAW.WG.

Damage potential: Encrypted or deleted files.

Overview

Cybersecurity experts first discovered Jigsaw ransomware in 2016, quickly making a name for itself as an aggressive and destructive threat. It encrypts files on a victim's computer and demands a Bitcoin ransom payment for decryption. Unlike other ransomware, Jigsaw displays a 24-hour timer, warning victims that the ransom amount will increase or attackers will delete files if the payment isn't made.

The ransom notes often contain graphic imagery from the Saw movie franchise. If the victim doesn't act fast, the ransomware deletes files progressively. It claims that it will delete 1,000 files every hour, which creates a sense of fear and urgency for the victim and makes the ransomware very effective.

Possible symptoms

The following signs might signal a Jigsaw ransomware infection:

  • Inaccessible files like documents, videos, or images.
  • File extensions changed to .fun, .btc, .locked, or similar.
  • Ransom notes on the desktop or in affected directories.
  • System slowdowns and instabilities.
  • Missing, encrypted, or unusable files, showing gibberish or encrypted content.

Sources of the infection

Jigsaw ransomware usually sneaks into a user's device through phishing emails containing malware-infected attachments and URLs. Victims click on these attachments or links and unknowingly download the malware. In addition to phishing emails, users often download Jigsaw from pirated websites with bundled software. This ransomware can also hide in malicious ads or drive-by downloads on malicious websites.

Protection

Jigsaw ransomware can quickly disrupt personal systems and organizational operations. Follow the tips below to stay protected online.

  • Don't click on unfamiliar links or attachments. Never open URLs and files from unfamiliar sources — they might be infected with malware and viruses.
  • Use email filtering tools. Email filters will send spam and suspicious emails to the spam folder before they reach your inbox.
  • Update your apps and software. It’s important to keep your software up to date because the latest system updates contain patches for known vulnerabilities.
  • Use Threat Protection Pro™. NordVPN's Threat Protection Pro™ is an antivirus tool designed to secure your browsing and protect you from phishing attacks, scams, malicious websites, and fishy ads. Plus, it scans your downloads for viruses.
  • Only trust official sources. Never download software from pirated websites.
  • Set up strong passwords. Create complex and unique passwords that contain upper- and lowercase letters, numbers, and special characters. You can use a password manager to store your strong passwords.

Removal

If you suspect your system is infected with Jigsaw ransomware, follow these steps:

  1. 1.Immediately disconnect from the internet. 
  2. 2.Restart your computer in safe mode — this should stop the malware from loading.
  3. 3.Use a decryption tool to decrypt your files.
  4. 4.Run a thorough antivirus scan.
  5. 5.Remove the threat.
  6. 6.If you have technical knowledge and know what to look for, delete unfamiliar files and registry entries from your computer. 
  7. 7.Once Jigsaw is gone for good, take care of your most important accounts (email, banking, cryptocurrency wallet) and change their passwords.

However, if the malware persists or you're unsure how to remove it, contact a cybersecurity professional. They will securely remove Jigsaw ransomware from your computer and restore any damaged software.