Jigsaw is the latest newborn on the ransomware family, it welcomes itself into that family by threatening to erase all of its victim’s files. However there are ways to stop its execution, setting all files free.
Besides encrypting and making files unavailable, Jigsaw also removes them in a cyclic way. It starts an hour after you have gotten the first message asking for the ransom payment (around $150 USD worth of Bitcoins). After every 60 minutes that pass, the ransomware goes after even more files to erase. They expect full payment before reaching the 72 hours mark, or they will erase all remaining files from the computer.
“Any funny business you attempt to do to stop me will only make it worse… you’ll force me to make sure new tasks are executed to keep erasing your files” … this message is played by the Jigsaw mask, the murderer in the Saw films.
Experts have already found a quite easy way to stop this new program: first of all you must open Windows’ task manager in order to close a couple of processes installed by the ransomware: firefox.exe and drpbx.exe. Afterwards you must open Windows’ MSConfig and remove the following entry: %UserProfile%AppDataRoamingFrfxfirefox.exe which will cause the erasing process to stop.
Ransomware such as Jigsaw is usually installed after opening a fake e-mail, however up until this moment we are not sure of how Jigsaw is installed. To avoid this kind of issue in the future we recommend you to do regular backups into external media devices.
View full solution