German Jigsaw .spaß

The German Jigsaw .spaß ransomware is a malicious threat that, as it was discovered, is a variant of the infamous Jigsaw Ransomware. This particular variant has been created to target German Windows users, which is why that is included in its “official” name. The “.spaß” part represents the unique extension that the threat adds to the files it encrypts. Just like its predecessor, this malicious infection encrypts files. That is its main task. If the infection is executed correctly, and files are encrypted, it can then be used to demand a ransom payment, which is the only reason this malware was created in the first place. Unfortunately, victims of this infection might be pushed against a wall by it, and they might agree to pay the ransom, which is the last thing our research team recommends doing. Overall, whether or not you pay the ransom, you cannot forget to remove German Jigsaw .spaß ransomware. Hopefully, you can delete the infection without dire consequences, but if you end up losing your files, take this is a lesson; even if it is an incredibly painful one.

According to our malware analysts, the functionality of the German Jigsaw .spaß ransomware does not differ much from the older variants. For example, it continues to copy itself in the same two locations, %LOCALAPPDATA%\Drpbx\ and %LOCALAPPDATA%\Google (x86)\. You can find drpbx.exe in the first folder, and Chrome32.exe in the second one. This file also has a point of execution in the RUN registry (HKCU\Software\Microsoft\Windows\CurrentVersion\Run | Chrome32.exe). So, even if you delete German Jigsaw .spaß malicious launcher right away, the infection will prevail due to these copies and the RUN key. If it functions properly, the infection is meant to start encrypting files right away, and it can affect over 120 types of files (including .jpg, .gif, .png, .bmp, .rar, or .zip,) in various locations. It can even encrypt files in the %PROGRAMFILES% directory. Once encryption is complete, you cannot open the files, but you can see which ones were encrypted because of the “.spaß” extension attached to their names. This might be when you realize that you need to remove malware.

If you do not notice the encrypted files, you should realize that you need to delete German Jigsaw .spaß ransomware once it launches a window with the ransom note. This note is accompanied by the scary image of jigsaw and a timer that gives you 60 minutes. According to the message – which, of course, is in German – the victim needs to send $500 worth of Bitcoins to a Bitcoin Wallet set up by cyber criminals. This wallet address is 1CpnhbLaqLj5NgXwYVQ5aXmrMzvhzjehmm, and no one has transferred any money to it yet. The ransom note informs that if the victim does not pay the ransom, malware can start deleting encrypted files in batches after the first 60 minutes run out. It also claims that files would be deleted if the victim were to close the ransom note window. Is that the truth? Should you believe these claims? At the end of the day, even if you pay the ransom, the chances of you getting your files decrypted are slim to none. Therefore, instead of worrying about how to deal with cyber criminals, we suggest focusing on the removal of German Jigsaw .spaß malware.

Will you lose your chance to decrypt files if you delete German Jigsaw .spaß malware? Well, it is unlikely that you have this option at all, and that is why you should not hesitate to eliminate this threat right away. Although decryption is unlikely to be possible, you might be able to restore your files from a backup. If copies of your files are stored on an external drive or a virtual cloud, all you need to do is remove German Jigsaw .spaß malware and then replace the corrupted files with their copies. Of course, if you choose to do this, delete the corrupted files first because you want to free up space. As for the removal of the ransomware, you have two options. You can eliminate it yourself using the instructions posted below, or you can rely on a legitimate anti-malware program. We suggest going with the second option because you also need the protection this program can provide you with. Also, do not forget to back up your files in the future if you want to guarantee that they are safe!

German Jigsaw .spaß Ransomware Removal

1. Tap Ctrl+Alt+Delete and choose Start Task Manager.
2. Click the Processes tab to find malicious processes.
3. Right-click them and select Open file location first to find malicious .exe files.
4. Go back to the processes, select them, and choose End Process.
5. Delete the malicious .exe files.
6. Tap Win+E to launch Windows Explorer.
7. Enter %LOCALAPPDATA%\Google (x86)\ into the field at the top.
8. Delete a file named Chrome32.exe.
9. Enter %LOCALAPPDATA%\Drpbx\ into the field at the top.
10. Delete a file named drpbx.exe.
11. Tap Win+R to launch RUN and then enter regedit.exe into the dialog box.
12. In Registry Editor, go to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
13. Delete the value named Chrome32.exe.
14. Empty Recycle Bin and quickly perform a full system scan. If threats are detected, eliminate them ASAP.