Jigsaw 4.6 Ransomware

Jigsaw 4.6 Ransomware is a brand new variant of the notorious Jigsaw Ransomware that emerged on the web approximately one year ago and has provided base for a couple of other variants since then, including Anonymous Ransomware and Payms Ransomware. However, even though its earlier version was a severe hit to its victims in which they could have lost most of their important files that were encrypted, this new version seems more like a work in progress to us. As a matter of fact, our samples simply did not encrypt any files and other functions did not work either. Nevertheless, it does not mean that these bugs will not be fixed in yet another new version that may hit the web very soon. Therefore, we would like to share with you what we have found out about this ransomware program. But, first and foremost, you need to remove Jigsaw 4.6 Ransomware if you want to secure your computer even if your version may not damage your files. Let us tell you in more details why this malware infection could be a dangerous threat if it happens to function.

The most likely way for you to let this ransomware enter your system is via spam e-mails. You may think that spam mails are still easy to spot or identify like they used to be. However, the truth is that schemers have evolved and use deceptive tactics that enable them to even trick the more experienced users. Just because you have a spam filter, it does not necessarily mean that it can give you 100% protection against such attacks. In fact, such a spam may seem to come from local authorities, well-known legal entities, companies, including your Internet provider, your bank, and so on. The subject matter is usually something that would draw your attention right away even if you find this spam in your spam folder. This can be anything related to an unpaid invoice, a questionable flight booking, wrong banking details given in connection with a purchase, and the like.

When you open such a spam, the message itself will not really give you any more clues as to what is going on. In fact, you could be simply pointed towards the attached image or text document file that is supposed to contain the invoice or information in question. However, do not think for a second that normally you could delete Jigsaw 4.6 Ransomware without consequences once you realize that you have been hit. You are only lucky if you have the version that does not encrypt because otherwise you could lose all your important personal files. Because when you click to view the downloaded attachment, you practically activate this ransomware attack.

Another way for you to infect your computer with ransomware in general is not to update your browsers and drivers. Criminals can use so-called Exploit Kits (e.g., Angler) to infect you through security holes in your software. We cannot confirm that this infection is spreading in this way but it is still essential for you to know that you should keep all your programs and drivers updated regularly if you want to do something for the safety of your virtual world.

When you install this ransomware, it creates a few VBS files in your %TEMP% directory. The main difference between the original and this version is that this threat does not seem to encrypt any of your files. Instead, it displays its ransom note and reads it out loud in an artificial woman’s voice as the text is shown typed letter by letter. This malware infection also pretends to show you personal information, such as your IP address, City, State, Country, Bank, and so on. However, these data are hard coded and thus never change. We have also found that the two buttons “View encrypted files" and "I made payment! Give me back my files" do not work either. Our research indicates that even the Bitcoin address that is provided fails to be a valid one. All these symptoms clearly show that this must be a work in development that hit the web too soon.

This ransomware infection claims 150 USD or 0.4 Bitcoins from you to be able to restore you files just like the original Jigsaw version. You are supposed to pay this amount within 24 hours, but the counter does not seem to start; yet another malfunctioning piece. Obviously, you should not even consider paying in this case, not that we would ever recommend that. In fact, you can quite easily remove Jigsaw 4.6 Ransomware once you kill the two main processes "Jigsaw Ransomware" and "wscript.exe" via Task Manager. Let us show how you can accomplish all this.

In order to eliminate this ransomware infection, after you have ended both malicious processes, you simply need to locate and delete all related files. We have prepared a step-by-step guide for you if you would like to give it a shot manually. However, if you do not really feel up to this task, you may want to consider using a professional anti-malware program, such as SpyHunter. But you need to keep this tool updated, too if you want peace of mind and continuous, effective protection against malicious attacks.

How to remove Jigsaw 4.6 Ransomware from Windows

1. Press Ctrl+Shift+Esc to launch Task Manager.
2. Locate the process named "Jigsaw Ransomware" and click End task.
3. Locate the process named "wscript.exe" and press End task.
4. Close the Task Manager.
5. Press Win+E to open File Explorer.
6. Delete the downloaded malicious file from where you saved it.
7. Navigate to your %TEMP% directory and delete these files: appmodel.exe, SPEAK.VBS, and TEXT.VBS
8. Empty your Recycle Bin.
9. Restart your PC.