Jigsaw ransomware delete files hourly, but free decryptor is available now

Ransomware is nothing new; it has been around for a while now. Ransomware is software that is installed on your computer via various means that will encrypt files and offer to decrypt them only if you pay a ransom to the people who have encrypted the content. One of the newest ransomware to hit the web is called the Jigsaw Ransomware and a way to decrypt your files without paying the ransom has been discovered.

The name comes from the Jigsaw character from the movies that adorns the background of the ransomware message. Jigsaw demands that the affected computer owners pay $150 in bitcoin to get their data back. Jigsaw goes a step further and starts to delete files one by one each hour unit the ransom is paid. If the user reboots or tries to terminate the process, a thousand files are deleted.

A method of decrypting the files for free has been discovered by MalwareHunterTeam, Demonslay335, and BleepingComputer. The process requires the user to terminate firefox.exe and drpbx.exe in Task manager, then run MSConfig to disable firefox.exe at startup. Users will then need to download the JigSawDecrypter and launch the program.

Once that bit of software is installed, the decrypt my files button will undo the damage Jigsaw made. The programmers suggest that you leave the delete encrypted files box unchecked until you are sure that the tool can decrypt your files. After you finish running the decryption file, the makers suggest running an antivirus and anti-malware program to look for infections. There is no hard data on removing the ransomware to prevent reinfection. The decryption file can be downloaded here. Apparently, the Jigsaw Ransomware did decrypt the files if the user paid $150 in bitcoin.

SOURCE: bleepingcomputer.com