File-deleting Jigsaw ransomware cracked


Decryptor found for aggressive malware.

Researchers have been quick to defeat the recently discovered Jigsaw ransomware, which will aggressively delete encrypted user files on Windows computers until payment is received from its victims.


The new decryptor comes from the same team that cracked the Petya ransomware this week - computer forensics specialist Lawrence Abrams and collaborators at the Bleeping Computer website, Michael Gillespie, as well as the Malwarehunterteam.

Jigsaw targets a large number of file types and scrambles them with the Advanced Encryption Standard (AES) Rijndael algorithm. 

The malware is very destructive and will start spreading its damage each time users log in to Windows.

Users are asked to pay ransom of US$20 to US$200 (A$26 to A$260), or 0.4 Bitcoin (A$222) depending on which variant of Jigsaw they've been attacked with. Five variants of Jigsaw have been detected by Abrams so far.

If no payment is received to a Bitcoin address within 60 minutes of Jigsaw starting up, the ransomware will delete one or more of the victim's files. The deletion of files is repeated every 60 minutes, until users give in to the blackmail and pay up.

To stop files from being deleted, users are advised to terminate the two processes Jigsaw runs on Windows using Task Manager: firefox.exe and drpbx.exe.

Once the two processes have stopped, it is crucial to run the msconfig utility in Windows and remove the firefox.exe startup entry, otherwise the ransomware can restart and delete another thousand files.

After Jigsaw has been terminated, victims can run the program developed by Gillespie to decrypt their files and hard drives.
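
The containment steps described above (stopping the two processes and removing the startup entry) can be checked from PowerShell. This is an added example, not code from the article or from the decryptor's authors; only the names firefox.exe and drpbx.exe come from the article, while the Authenticode check (to help tell the genuine browser from a process using its name) and the two Run keys searched are assumptions about where to look.

```powershell
# Added example. Process names are from the article; the signature check and
# the Run-key locations are assumptions, not details the article provides.
param([switch]$Remediate)   # without -Remediate the script only reports

$names = 'firefox.exe', 'drpbx.exe'

# 1. Running processes with those image names, with on-disk path and signer.
$procs = Get-CimInstance Win32_Process |
    Where-Object { $names -contains $_.Name } |
    ForEach-Object {
        $sig = $null
        if ($_.ExecutablePath) {
            $sig = Get-AuthenticodeSignature -FilePath $_.ExecutablePath
        }
        [pscustomobject]@{
            ProcessId = $_.ProcessId
            Name      = $_.Name
            Path      = $_.ExecutablePath
            SigStatus = if ($sig) { $sig.Status } else { 'Unknown' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
$procs | Format-Table -AutoSize

# 2. Per-user and machine-wide startup (Run) values that launch firefox.exe.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$entries = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ($valueName -and $data -match 'firefox\.exe') {
            [pscustomobject]@{ Key = $key; Name = $valueName; Command = $data }
        }
    }
}
$entries | Format-List

# 3. Optional clean-up: processes first, then the startup entry, as the
#    article orders it. -Confirm prompts for every item before acting.
if ($Remediate) {
    $procs | Where-Object { $_.SigStatus -ne 'Valid' } |
        ForEach-Object { Stop-Process -Id $_.ProcessId -Force -Confirm }
    $entries |
        ForEach-Object { Remove-ItemProperty -Path $_.Key -Name $_.Name -Confirm }
}
```

Run it once without `-Remediate` and review the paths and signers before approving any prompt.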

At the time of writing, it is not clear how Jigsaw spreads or who is behind the blackmailing malware.

Copyright © iTnews.com.au. All rights reserved.