Jigsaw Ransomware - How to remove?


Jigsaw Ransomware is a serious infection that can infiltrate into your system without you noticing, lock your files and try pushing you into paying money. It usually asks around $150 in Bitcoins and claims that this is the only way to get your files back. Clearly if your important files were locked, you will do whatever it takes to get them back. However, if it’s Jigsaw Ransomware, be very careful. Even after paying, there are no guarantees that you will get a decryption key. Therefore, we strongly recommend restoring your files from a back up and removing Jigsaw Ransomware as soon as possible.

It is also recommended to scan your system wit ha reputable anti-malware program, like Spyhunter or StopZilla to make sure your system is clean. These programs will also protect your system from similar infections.

About Jigsaw Ransomware

Once installed, Jigsaw Ransomware scans your system and looks for certain extensions to encrypt your files. Usually it targets files with the following extensions: .gif, .png, .bmp, .pdb, .sql, .php, .asp, .swf, .xml, .ppsm, .asx, .mpg, .wmv, .vob, .m4u, .xlsb, .raw, .png, .java, .jar, .class, .doc, .docx, .ppt, .xpm, .zip, and and others. Then it changes the names of your files and ads .fun extension to them, so they become .gif.fun, .png.fun, etc. Sometimes, other extensions are used as well (.btc, .gws or .kkk). Then Jigsaw Ransomware displays a message that looks like this:

Your computer files have been encrypted. Your photos, videos, documents, etc….
But, don’t worry! I have not deleted them, yet.
You have 24 hours to pay 150 USD in Bitcoins to get the decryption key.
Every hour files will be deleted. Increasing in amount every time.
After 72 hours all that are left will be deleted.
If you do not have bitcoins Google the website localbitcoins.
Purchase 150 American Dollars worth of Bitcoins or .4 BTC. The system will accept either one.
Send to the Bitcoins address specified.
Within two minutes of receiving your payment your computer will receive the decryption key and return to normal.
Try anything funny and the computer has several safety measures to delete your files.
As soon as the payment is received the crypted files will be returned to normal.
Thank you

As you see, it claims that you have 24 hours to pay a ransom or the amount of it will be increased. It also starts deleting your files if you don’t pay within 24 hours. If you don’t do it in 72 hours, the program claims that your files will be deleted for good. It sound really scary, especially if Jigsaw Ransomware locks important data. However, you should not rush to pay, as it doesn’t guarantee that your files will be unlocked. We highly recommend restoring your files from a back up and removing Jigsaw virus.

Note, that if you REBOOT your PC, 1000 files will be deleted at once. Thus if you turned your computer down, don’t boot it without good enough plan.

Jigsaw ransomware special removal steps

1. Press Ctrl+shift+esc

2. Terminate Firefox.exe, drpbx.exe task ( if you use Mozilla Firefox for browsing and it closes, you can run it later on or use other browser temporarily).

3. Delete the files or scan your PC with Spyhunter, Malwarebytes to identify and remove the parasites.

4. Download and run Jigsaw virus decrypter . Follow instructions.

5. If you haven’t done so, SCAN your PC for downloaders and other parasites that might have caused the ransomware infection. We recommend Spyhunter, Malwarebytes, reimage.

Update of the 30th of November, 2016. Jigsaw ransomware was noticed to have been included into the fake version of Electrum Coin Adder application.

Update of the 25th of December, 2016. A new version of Jigsaw crypto-malware adds .hush extension to encrypted data files.

Update of the 30th of January, 2017. A new sample of Jigsaw ransomware virus has been detected. It appends .paytounlock extension. Thankfully, it is not a major threat since people can decrypt their files with a reliable decrypter.

Update of the 6th of February, 2017. Jigsaw introduced two more samples of its infection. It appends either .uk-dealer@sigaint.org extension or .gefickt to the encrypted data. Decrypter has been updated to recover files that have been infected with these variants.

Update of the 13th of March, 2017. A 4.6 version of Jigsaw ransomware has been detected. For now, it does not encode data, but its ransom note, lock-screen and message section is different than it was before.

Update of the 20th of March, 2017. We discovered that once again, a new extension should be listed as belonging to Jigsaw. .nemo-hacks.at.sigaint.org extension is going to be appended by the new sample. Above, you can notice the new lock-screen it displays.

Manual Jigsaw Ransomware removal


Important Note: Although it is possible to manually remove Jigsaw Ransomware, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Reimage or other tools found on 2-viruses.com.

External descriptor:

Jigsaw Ransomware screenshots

April 14th, 2016 05:49, March 20th, 2017 02:31
Fill this form to subscribe to our newsletter

3 thoughts on “Jigsaw Ransomware

  1. What if i just shut down my computer after that scary alert pops up and then boot a Linux Cd to delete this malware?

Leave a Reply

Your email address will not be published. Required fields are marked *