Jigsaw is the latest newborn on the ransomware family, it welcomes itself into that family by threatening to erase all of its victim’s files. However there are ways to stop its execution, setting all files free.
Besides encrypting and making files unavailable, Jigsaw also removes them in a cyclic way. It starts an hour after you have gotten the first message asking for the ransom payment (around $150 USD worth of Bitcoins). After every 60 minutes that pass, the ransomware goes after even more files to erase. They expect full payment before reaching the 72 hours mark, or they will erase all remaining files from the computer.
“Any funny business you attempt to do to stop me will only make it worse… you’ll force me to make sure new tasks are executed to keep erasing your files” … this message is played by the Jigsaw mask, the murderer in the Saw films.
Experts have already found a quite easy way to stop this new program: first of all you must open Windows’ task manager in order to close a couple of processes installed by the ransomware: firefox.exe and drpbx.exe. Afterwards you must open Windows’ MSConfig and remove the following entry: %UserProfile%AppDataRoamingFrfxfirefox.exe which will cause the erasing process to stop.
Ransomware such as Jigsaw is usually installed after opening a fake e-mail, however up until this moment we are not sure of how Jigsaw is installed. To avoid this kind of issue in the future we recommend you to do regular backups into external media devices.
How to remove Jigsaw ?
Remove Jigsaw with MalwareBytes Anti-Malware
Malwarebytes Anti-Malware is a light-weight anti-malware program that is excellent at removing the latest detections.
- Download Malwarebytes Anti-Malware to your desktop.
Premium Version Free Version (without Real-time protection) - Install MalwareBytes Anti-Malware using the installation wizard.
- Once installed, Malwarebytes Anti-Malware will automatically start and you will see a message stating that you should update the program, and that a scan has never been run on your system. To start a system scan you can click on the Fix Now button.
- If an update is found, you will be prompted to download and install the latest version.
- Malwarebytes Anti-Malware will now start scanning your computer for Jigsaw.
- When the scan is complete, make sure that everything is set to Quarantine, and click Apply Actions.
- When removing the files, Malwarebytes Anti-Malware may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot your computer, please allow it to do so.
Remove Jigsaw with MalwareBytes Anti-Malware
Malwarebytes Anti-Malware dis a light-weight anti-malware program that is excellent at removing the latest detections.
- Download Malwarebytes Anti-Malware to your desktop.
Premium Version Free Version (without Real-time protection) - Install MalwareBytes Anti-Malware using the installation wizard.
- Once installed, Malwarebytes Anti-Malware will automatically start and you will see a message stating that you should update the program, and that a scan has never been run on your system. To start a system scan you can click on the Fix Now button.
- If an update is found, you will be prompted to download and install the latest version.
- Malwarebytes Anti-Malware will now start scanning your computer for Jigsaw.
- When the scan is complete, make sure that everything is set to Quarantine, and click Apply Actions.
- When removing the files, Malwarebytes Anti-Malware may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot your computer, please allow it to do so.
Remove Jigsaw with HitmanPro
HitmanPro is a second opinion scanner, designed to rescue your computer from malware. HitmanPro is designed to work alongside existing security programs without any conflicts. HitmanPro offers you a Free Scan for a second opinion.
- You can download HitmanPro from the below link:
Download HitmanPro - Double-click on the file named HitmanPro.exe (for 32-bit versions of Windows) or HitmanPro_x64.exe (for 64-bit versions of Windows).
- Click on the Next button, to install HitmanPro on your computer.
- HitmanPro will now begin to scan your computer for Jigsaw malicious files.
- When it has finished it will display a list of all the malware that the program found as shown in the image below. Click on the Next button, to remove Jigsaw virus.
Decrypt your files.
You should know that once Jigsaw has been completely removed from your computer (with Malwarebytes and Hitman Pro) it is possible to decrypt (although it’s not completely certain) your files. To attempt this task, download:
Jigsaw Decrypter: https://download.bleepingcomputer.com/demonslay335/JigSawDecrypter.zip
Open the software and choose the directory or files that are crypted. Don’t select the case “Delete Encrypted Files”, until you’re completely sure that the decryption process has been achieved with success.
Click here to go to our support page.