1 of 4
Danger level 9
Type: Trojans
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Installs itself without permissions

Jigsaw Ransomware

Jigsaw Ransomware is a serious computer infection that might sneak onto the computer unnoticed. Even though it enters onto computers rather secretly, we are sure that you will notice that something is wrong because all your pictures, documents, music, and other files will be encrypted. In other words, you will not be able to access your files. All ransomware infections act this way because they seek to push users into paying money. We understand that your files are important to you; however, we still do not think that it is worth paying a ransom because a tool that can unlock files for free exists. It is a must to take care of the ransomware infection before using the decryptor because this infection might encrypt files once again. In this article, specialists working at pcthreat.com are going to provide more information on the removal of this infection. In addition, they will describe how Jigsaw Ransomware acts in a detailed way. We are sure that you will decide to take some action immediately after reading this report.

Researchers have already tested this ransomware infection thoroughly and found that it will encrypt files in all the directories, including Desktop, Program Files, Windows, and Temp. Unfortunately, it is targeted at all kinds of files with such filename extensions as .gif, .png, .bmp, .pdb, .sql, .php, .asp, .swf, .xml, .ppsm, .asx, .mpg, .wmv, .vob, .m4u, .xlsb, .raw, .png, .java, .jar, .class, .doc, .docx, .ppt, .xpm, .zip, and others. There is no doubt that the file is encrypted if it has the .fun filename extension attached to it, for instance, picture.jpg.fun, document.docx.fun and, slides.ppt.fun. A window with a message will appear on the Desktop to inform users about the ways of decryption after the encryption process is finished. It will first inform them that all the files are encrypted and then will ask to transfer $150 (approximately 0.4 Bitcoin):

Your computer files have been encrypted. Your photos, videos, documents, etc....

But, don't worry! I have not deleted them, yet.

You have 24 hours to pay 150 USD in Bitcoins to get the decryption key.

Every hour files will be deleted. Increasing in amount every time.

After 72 hours all that are left will be deleted.

If you do not have bitcoins Google the website localbitcoins.

Purchase 150 American Dollars worth of Bitcoins or .4 BTC. The system will accept either one.

Send to the Bitcoins address specified.

Within two minutes of receiving your payment your computer will receive the decryption key and return to normal.

Try anything funny and the computer has several safety measures to delete your files.

As soon as the payment is received the crypted files will be returned to normal.

Thank you

There are users who believe that paying the ransom is the only way to decrypt files but it is not true. In fact, there are no guarantees that files will be unlocked for you after you make a payment. Besides, the ransomware infection will not disappear and might strike again. Our suggestion would be to delete Jigsaw Ransomware, find a free decryption tool that is available on the web, and use it to gain access to files.

Experts recommend going for the Jigsaw Ransomware removal as soon as possible because this infection is going to delete files from the system every 60 minutes. If a user restarts the computer or terminates its main process, the ransomware will delete 1 000 files after it launches again (it creates the Startup entry to be able to launch with Windows OS). There is no doubt that it acts like that in order to pressure the victim into paying money. As you already know, we do not recommend doing that; however, we suggest taking care of this ransomware ASAP because it might really delete all the files, and there will be no way back.

It is not exactly known how Jigsaw Ransomware travels; however, security specialists believe that it is spread like other well-known ransomware infections, including Salam Ransomware, CryptoHost Ransomware, Rokku Ransomware, and Redshitline Ransomware. To be more specific, this infection travels as an email attachment. The subject of these email letters is usually quite appealing, so people tend to open them and download the attachment. Of course, this is not the only way this threat is spread. According to specialists, this ransomware infection might also sneak onto your computer if you land on some kind of untrustworthy web page. Last but not least, it might also enter systems together with untrustworthy software from torrents and file-sharing websites. As you can see, Internet is a dangerous place and you always have to be careful. There is not much you can do to protect the system from malware. Of course, you should not visit untrustworthy websites, download suspicious software, or open spam email attachments. It is a must to install a reputable antimalware tool on the system as well!

It is quite hard to delete Jigsaw Ransomware from the system, so we have prepared manual removal instructions. These instructions might still not help less experienced users, so if you are one of them, you should go for the automatic removal of this ransomware infection. The free version of a trustworthy scanner SpyHunter can be downloaded from our web page (click on the Download button).

Remove Jigsaw Ransomware manually

  1. Tap Ctrl+Shift+Esc and then open the Processes tab.
  2. Kill drpbx.exe and firefox.exe processes.
  3. Launch RUN and enter regedit.exe. Click OK.
  4. Move to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  5. Find the firefox.exe value and right-click on it.
  6. Select Delete.
  7. Launch RUN again and enter %LOCALAPPDATA% in the box. Click OK.
  8. Remove the Drpbx folder.
  9. Launch RUN and enter %UserProfile%. Click OK (9-11 steps for Windows XP users only).
  10. Go to Local Settings and access Application Data.
  11. Delete the Drpbx folder.
  12. Go to %APPDATA% and open System32Work.
  13. Remove the following files: Address.txt, dr, and EcnryptedFileList.txt
Download Spyware Removal Tool to Remove* Jigsaw Ransomware
  • Quick & tested solution for Jigsaw Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.