Jigsaw ransomware, which really should be called hostageware, not only encrypts your files like other ransomware infections but will also delete your files if you don't pay. Like a Hollywood action movie cliché, Jigsaw will delete one file after the first hour and increase the number of deleted files thereafter. If the user attempts to restart the computer or the processes running the ransomware, it will delete 1,000 files.
Luckily, researchers have figured out how this infection works and built a process and tools to clean up your system without paying or losing any files.
The first thing infected users should do is open the Windows Task Manager and terminate all processes named firefox.exe or drpbx.exe that were created by the ransomware. Then they should launch the Windows MSConfig utility (type msconfig in the Run box) and disable the startup entry that points to %UserProfile%\AppData\Roaming\Frfx\firefox.exe. Together, these steps stop the file deletion process and prevent the malware from restarting when the system boots up.
Once that has been done, download or update your anti-virus program and run several malware scanners to clean out the infection.
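The Task Manager and MSConfig steps above can also be scripted. The PowerShell below is an added example, not part of the original post or any researcher's tool. It assumes the fake firefox.exe runs from the Frfx path given above and that the startup entry lives in a Run registry key. It only reports unless -Remediate is passed.

```powershell
# Added example: triage for the Jigsaw indicators named in the article.
# Read-only by default; -Remediate stops the processes and removes the
# startup value (the HKLM key needs an elevated prompt).
param([switch]$Remediate)

# Path and process names come from the article text.
$malPath   = Join-Path $env:USERPROFILE 'AppData\Roaming\Frfx\firefox.exe'
$procNames = 'firefox.exe', 'drpbx.exe'

# Win32_Process exposes ExecutablePath, so a genuine Firefox install
# (running from another path) is not flagged along with the impostor.
$suspects = Get-CimInstance Win32_Process |
    Where-Object { $procNames -contains $_.Name } |
    Where-Object { $_.Name -eq 'drpbx.exe' -or $_.ExecutablePath -eq $malPath }

# Assumption: the entry MSConfig shows is stored in one of the Run keys.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        # Expand %UserProfile% and friends before matching.
        $raw   = [string]$item.GetValue($name)
        $value = [Environment]::ExpandEnvironmentVariables($raw)
        if ($value -like '*\AppData\Roaming\Frfx\firefox.exe*') {
            [pscustomobject]@{ Key = $key; Name = $name; Value = $value }
        }
    }
}

Write-Host "Suspect processes: $(@($suspects).Count)"
$suspects | Select-Object ProcessId, Name, ExecutablePath | Format-Table -AutoSize
Write-Host "Suspect startup entries: $(@($entries).Count)"
$entries | Format-Table -AutoSize

if ($Remediate) {
    # Processes first, as in the article; then the startup value so the
    # malware does not relaunch at the next boot.
    foreach ($p in $suspects) { Stop-Process -Id $p.ProcessId -Force }
    foreach ($e in $entries)  { Remove-ItemProperty -Path $e.Key -Name $e.Name }
}
```

Removing the Run value is the scripted counterpart of unticking the entry in MSConfig; run the script once without -Remediate and review the output before letting it change anything.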
Jigsaw is particularly devastating because it's the first of its kind seen in the wild that will actually carry out the delete threats. Time is of the essence if you get infected with this one. Act quickly and do not wait, because your encrypted files will begin to disappear.
As always, a strong backup practice for your personal machine or enterprise will limit your exposure to becoming a victim of a ransomware attack.
End of line.
Binary Blogger has spent 20 years in the Information Security space, currently providing security solutions and evangelism to clients. From early web application programming and system administration to senior management and enterprise consulting, I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.