Remove Jigsaw Ransomware

How to Remove Jigsaw Ransomware?

Readers recently started reporting the following message being displayed when they boot their computers:

Your computer files have been encrypted. Your photos, videos, documents, etc…
But, don’t worry! I have not deleted them, yet.
You have 24 hours to pay 150 USD in Bitcoins to get the decryption key.
Every hour files will be deleted. Increasing in amount every time.
After 72 hours all that are left will be deleted.

If you do not have bitcoins Google the website localbitcoins.
Purchase 150 American Dollars worth of Bitcoins or .4 BTC. The system will accept either one.
Send to the Bitcoins address specified.
Within two minutes of receiving your payments your computer will receive the decryption key and return to normal.
Try anything funny and the computer has several safety measures to delete your files.
As soon as the payment is received the crypt files will be returned to normal.

Thank you.


Well, it’s safe to assume that someone watched the Saw movies and found inspiration in the franchise’s main antagonist. That someone evidently decided it was a good idea to use the catchy name of the serial killer as a means to an end – a tool to kidnap your files and make demands for their safe return. That’s how you become a victim of the Jigsaw ransomware. The Jigsaw name is affiliated with a new ransomware infection that quickly turns into the bane of your existence. Ransomware is arguably the worst cyber threat you can catch as it poses many dangers and has a dreadful influence over your system. The infection slithers into your computer via deceit and slyness and then takes control. It kidnaps your files and demands you pay a ransom if you wish to regain control. And, much like the Jigsaw killer in the movies, it forces you to make a choice: pay the requested ransom and free your data, or refuse and lose it. When you look at it like that, the answer’s pretty simple: choose your files. However, in life, things are rarely that simple.

Let’s take a closer look. The requested ransom amounts to around $160, and you can also pay in bitcoins. In true Jigsaw fashion, the tool gives you a time limit. You have about 26 hours before you lose all of your data for good. And, just to make sure you don’t take too long to make up your mind, the ransomware is set to delete one of your files each hour. And, in the unlikely scenario that you felt something was lacking in the Jigsaw scheme, there’s also a punishment if you attempt to do any damage control or try any ‘funny business.’ If you restart your computer or take any preemptive actions against the cyber threat, it deletes a thousand files from your computer. Let’s say that again: a thousand files will be lost to you! That’s some punishment. Not to mention, it’s the perfect means to pressure you into panicking and paying up the required ransom.

As you can plainly see, the Jigsaw ransomware is a menace through and through. But, know this: it’s an unreliable tool, governed by untrustworthy strangers with wicked intentions! They don’t deserve your trust, so don’t grant it! Don’t just assume they’ll keep their end of the bargain after you’ve held up yours. It’s just ludicrous. Don’t give in to the madness that is Jigsaw, for it’s a fight you can’t win. The game is rigged against you from the start, and the sooner you accept that, the better. Don’t risk losing your privacy in the hopes of gaining back your files. It’s not worth the gamble. Make the tougher but wiser choice and forsake your data. It’s replaceable. Your privacy is not.

How did I get infected with Jigsaw?

Jigsaw cannot just appear on your computer one day. It doesn’t work like that. It’s probably not what you wanted to hear, but it was you who opened the door to the nasty tool. You most likely weren’t attentive enough when you should have been, and now you’re stuck paying the price for your carelessness. Like most cyber threats, Jigsaw used your distraction, naivety, and haste to slither in. Remember, infections prey on carelessness, and Jigsaw is no exception. Its favorite means of invasion include hiding behind freeware, corrupted links or sites, or posing as a fake update, like Java or Adobe Flash Player. It can also sneak in undetected via corrupted archive files, text and PDF documents that come as attached files to spam emails. Do NOT download attachments from suspicious emails with unknown senders! Don’t even open them! To avoid getting stuck with an infection, you must live and breathe the ‘Better safe than sorry’ motto, especially when installing files or updates from the web. Choose caution over carelessness. After all, even a little extra attention today can save you a ton of troubles and headaches tomorrow.

Why is Jigsaw dangerous?

Once Jigsaw has settled into your system, it wastes no time and quickly gets to work. It encrypts every single file you have stored on your computer, no exceptions. Every document, picture, video, song, everything is no longer under your control. The tool takes over and, by using the AES-256 encryption mechanism, locks your data securely and prevents brute force decryption. It renders your files inaccessible by renaming them and, thus, tries to back you into a corner and force you to comply with its demands. The pesky encryption program asks you to pay 0.4 Bitcoins, which is roughly between $150 and $170, for the safe return of your data. The deal is simple: pay up, and you’ll receive the decryption key with which to free your files. Only, there are NO guarantees that the ransomware will come through on its part. You don’t know if it will give you the right key or if the key will work. You don’t know anything. And, even if it does fulfill its end of the bargain, and that’s a pretty big ‘if,’ what’s stopping it from kicking right back in the next day and encrypting everything yet again? Nothing. Nothing is stopping it. When you weigh your chances, it’s best not to pay up and hope for the best, but to forsake your files and protect yourself. Because that’s right! If you complete the payment, you give access to your personal and financial information to unknown third parties with malicious intentions. And, that’s hardly something you want. Do what’s best for you by making the right decision, even though it may be difficult. Do NOT comply with the ransomware’s demands. Don’t give in to its extortion scheme. If you do, you’ll regret it. Let go of your data so as to protect your privacy. It’s truly the best course of action you can take.

Jigsaw Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Jigsaw Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.
  • Locate the process of the ransomware. Keep in mind that it usually has a randomly generated file name.
  • Before you kill the process, type its name into a text document for later reference.

  • Locate any suspicious processes associated with Jigsaw encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Jigsaw encryption Virus startup location

  • Once the operating system loads, press the Windows logo key and the R key simultaneously.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

  • Then open Explorer, navigate to your %appdata% folder and delete the executable.

You can alternatively use the msconfig Windows program to double-check the execution point of the virus. Keep in mind that the names on your machine might be different as they might be generated randomly, which is why you should run a professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, if you have one.

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.
