Decryption Tool Defeats Jigsaw Ransomware
Posted by: Timothy Weaver on 04/14/2016 07:20 AM
[
Comments
]
Menacing ransomware called Jigsaw may have been defeated by researchers analyzing the malware, that include security researchers at MalwareHunterTeam and individual computer forensics experts Michael Gillespie and Lawrence Abrams.
Jigsaw is known to delete thousands of files an hour if victims do not pay the ransom. Jigsaw asks for 0.4 bitcoins or about $150. It will delete files exponentially every hour until the ransom is paid. Rebooting the computer could cost the victims 1,000 deleted files.
The researchers posted instructions for anyone hit with the Jigsaw ransomware on Abrams’ BleepingComputer.com security blog that include the tool needed to decrypt files.
Abrams said: "The criminals behind this ransomware are taking just as much pleasure in toying with victims as they are taking their money.” But, he said, attackers are living up their promise and are actually destroying the files if people don’t pay up.
“Your average Jigsaw victim is not going know where to buy a Bitcoin. The process is cumbersome and could take someone days to figure out. And by that time tens of thousands of files are going to be deleted,” Abrams said.
Jigsaw victims can avoid any files from being deleted by going into their Windows Task Manager and terminating the firefox.exe process along with the drpbx.exe processes.
Outsmarting ransomware criminals is not common. But earlier this week, researchers said they were able to crack the Petya ransomware and develop a decryption tool that allowed victims to generate keys to unlock encrypted files in less than 10 seconds.
Source: ThreatPost
Jigsaw is known to delete thousands of files an hour if victims do not pay the ransom. Jigsaw asks for 0.4 bitcoins or about $150. It will delete files exponentially every hour until the ransom is paid. Rebooting the computer could cost the victims 1,000 deleted files.The researchers posted instructions for anyone hit with the Jigsaw ransomware on Abrams’ BleepingComputer.com security blog that include the tool needed to decrypt files.
Abrams said: "The criminals behind this ransomware are taking just as much pleasure in toying with victims as they are taking their money.” But, he said, attackers are living up their promise and are actually destroying the files if people don’t pay up.
“Your average Jigsaw victim is not going know where to buy a Bitcoin. The process is cumbersome and could take someone days to figure out. And by that time tens of thousands of files are going to be deleted,” Abrams said.
Jigsaw victims can avoid any files from being deleted by going into their Windows Task Manager and terminating the firefox.exe process along with the drpbx.exe processes.
Outsmarting ransomware criminals is not common. But earlier this week, researchers said they were able to crack the Petya ransomware and develop a decryption tool that allowed victims to generate keys to unlock encrypted files in less than 10 seconds.
Source: ThreatPost
Comments
