Ransomware attacks have caused billions of dollars in damage, and pose a huge threat to all of us. As ransomware's usage grows, more strains of this dangerous malware arise, including Jigsaw. So, where did Jigsaw ransomware come from, how does it work, and how can you steer clear of it?

The Origins of Jigsaw Ransomware

Jigsaw ransomware (named after the popular SAW franchise antagonist) was created in April 2016 and released just a week later. Since its launch, this strain of ransomware has been used to target numerous victims, and has secured a name for itself as one of the most prominent kinds of ransomware out there today. Multiple variants of Jigsaw ransomware have also been developed since its release.

But Jigsaw isn't just a ransomware program. It is also a Ransomware-as-a-Service (RaaS) platform. Such platforms provide users with ransomware code for a fee. In the case of Jigsaw, it costs around $140 to buy, making it fairly accessible to most malicious actors. Jigsaw ransomware can be bought on the dark web, a hot spot for hackers looking for malware, sensitive information, and other valuable data.

How Does Jigsaw Ransomware Work?

Jigsaw ransomware is typically spread via spam mail, where it is placed in a malicious attachment. Other forms of Jigsaw ransomware have also been found in adware, another dangerous and frustrating malicious program. Once the malware infects a device, it will start up the next time you turn the device on. Then, Jigsaw can get to work encrypting all the files on your computer, as well as the master boot record.

Jigsaw ransomware is capable of encrypting over 220 different file types, making it a very versatile option for attackers. But it's worth noting that Jigsaw cannot encrypt executable files (i.e., files ending with ".exe"). When the ransomware is successfully deployed and encrypts files, a window will pop up on the victim's device listing all the files that have been locked.

Following the SAW theme, the window notifying victims of ransomware infection features the creepy character, Jigsaw (also known as Billy the Puppet). The window includes a threat of file deletion, letting the victim know what is at stake. Along with this, a countdown timer is placed under the threatening note. This ticking timer style of attack execution makes things that much scarier for the victim, which can help the operator receive the ransom.

Not only can Jigsaw encrypt files, but locked data could be deleted en masse if the target does not comply. In fact, Jigsaw ransomware threatens to delete up to 1,000 files from the targeted computer in a split second if the victim attempts to delete the program outright. For every hour that goes by without the victim paying the ransom, Jigsaw will automatically delete another file. After 72 hours, the operator claims that they will delete all the files if their demands are not met.

Only Windows-based devices are at risk of being targeted by Jigsaw, but this still leaves a huge catchment area for cybercriminals. As reported by Statista, Windows has more than a 70 percent share in the global operating system market, so Jigsaw operators have no shortage of victims to choose from.

Jigsaw is also known as the BitcoinBlackmailer because operators often ask for the ransom to be paid in Bitcoin. Cryptocurrency is popular with cybercriminals, as it provides them with an extra layer of anonymity, allowing them to more effectively evade law enforcement.

Jigsaw operators tend to ask for $150 to be paid in Bitcoin for the victim's files to be unlocked. Compared to other ransomware attacks, this isn't a very large amount, but it can still be a major inconvenience to victims, especially those facing financial hardship or those who are not well-versed in crypto payments.

What Are Jigsaw's Weaknesses?

Though Jigsaw ransomware poses dangers, it also has a significant flaw: it is written in .NET. Because of this, Jigsaw's code can be used to decrypt the files locked by operators.

In fact, Bleeping Computer provides a Jigsaw decryptor tool for those infected with this ransomware.

Other cybersecurity firms also offer a Jigsaw decryption tool, including Emsisoft. So, if you find yourself in this position, give one of these tools a try, as they may save you money and keep your data safe.

What's more, Jigsaw's threat to delete 1,000 files instantly from an infected device seems to be hollow. There is no evidence that the program can do this, and, along with the ease of decryption, Jigsaw is not as much of a danger as some other ransomware programs out there. It's also been suggested that Jigsaw was made by low-to-mid-level hackers, given the ease of decryption.

Though a decryptor tool does exist, prevention is always better than cure. So, how can you avoid Jigsaw ransomware?

How to Avoid Jigsaw Ransomware

The first step you should take to avoid all kinds of malware is installing a trusted antivirus program, such as Norton, Bitdefender, or McAfee. This acts as a first line of defense against malware and viruses, and should be used by everyone.

When using an antivirus program, you should also ensure that you're updating it regularly. Doing this will iron out security vulnerabilities and bugs, which cybercriminals exploit to spread malware and attack devices. Updates can be irritating, but it's always better to get them done as soon as possible.

Because Jigsaw ransomware is often spread via spam mail, you should also be keeping an eye on the emails you receive. Opening any old attachment, regardless of the sender, can be perilous, as cybercriminals frequently spread malware via links and attachments.

Backing up your files is also a good idea when it comes to tackling any form of ransomware, as the key attack method of this malware is to encrypt and delete your files. Having a hardware backup to hand can be invaluable when dealing with ransomware infection.

Jigsaw Malware Has Weaknesses but Can Still Be Dangerous

While Jigsaw ransomware can be decrypted, it still poses a risk to less tech-savvy individuals. If a person is not aware of the Jigsaw decryptor, this ransomware could cost them their data and money. So, it's always best to do what you can to avoid ransomware infection from the outset, instead of having to deal with it once it corrupts your computer.