Extortion Ploys Return With Jigsaw Ransomware Download

Learn more about the latest Jigsaw ransomware scam and how to protect yourself.

protection against malware

Ransomware is one of the methods used by hackers and adversaries to threaten people to pay money or lose files stored in their systems. They use AES – an asymmetric encryption algorithm to encrypt the data and demand a ransom. This ransomware-type malware gets distributed through

  • Fake software updates
  • Malicious e-mail attachments
  • Peer to peer (P2P) networks (for example, Torrent)
  • Trojans

The latest in the series of ransomware scams to hit thousands of systems across the world is the jigsaw ransomware download scam.

How Jigsaw Scam Works?

The Jigsaw scam came into the spotlight in 2016. Named after the iconic character appearing in the ransom note, it installs ransomware into the user’s computer and takes control of the data stored in the system.

It not only encrypts the victim’s files but also deletes them if they fail to pay the ransom. It deletes files every 60 minutes when the program restarts. Cofense researchers analyzed the ransomware from a phishing jigsaw e-mail.

Unsuspecting users receive an e-mail stating that their account is compromised. The e-mail further adds as a proof the statement of their bank accounts. The link leads the users to a webpage hosting that appears to be PDF bank statement but is an MSI file.

Jigsaw victims, without giving any second thought download the attachments, not realizing that they are unknowingly installing the ransomware into their system.

protection against ransomware

The Ransom Note Of Jigsaw Ransomware Scam

The latest jigsaw ransomware comes with live chat support and also uses the famous puppet image from the Hollywood movie “Saw”. Once the hackers install the ransomware files drpbx.exe and firefox.exe into the system, a ransom note appears on the victim’s screen. It starts a countdown timer which threatens victims to pay the ransom or risk losing files incrementally every 1 hour. It also contains instructions about how files are encrypted and how to retrieve them, etc. And in case the victim decides to restart the system, the ransomware deletes 1000 files as a punishment.

Users who decide to pay the ransom need to purchase bitcoins for a specified amount and transfer the coins to an address provided by the hackers. The payment demanded ranges from $20 to $200. Once the victims move the amount, they will gain access to a private key to decrypt all files that were encrypted by cybercriminals.


Received A Jigsaw E-mail? Follow These Steps To Protect Your System

To remove jigsaw ransomware from your system, please follow the steps outlined below:

  1. The first step in removing the ransomware is to reboot the system in safe mode.
  2. The manual process of removing the jigsaw ransomware can be a bit tedious, but not impossible. But if you want to avoid these hassles, you can download various Jigsaw Ransomware Removal Tools like “SpyHunter”.
  3. Open your Windows Hosts file and remove all the IPs added by the ransomware. Open the Run window and then, paste the following code to open the host file “notepad %windir%/system32/Drivers/etc/hosts”.
  4. Next, open the system configuration window by typing MSConfig in the Run window and click enter. Click on the “Startup” tab. Now, uncheck every entry marked as “UnKnown” in the manufacturer’s column.
  5. Similarly, open the task manager and for unsuspicious processes, right-click on the process and click Open File Location to go to the parent folder and delete it.
    Remember to take caution, as the last thing you want is deleting the system files. Use Google to look for the processes added by Jigsaw ransomware or check the forums to see what other jigsaw victims have posted.
  6. Next step is to clean the registry. Open the Registry Editor and start a search for the entries named with “Jigsaw”. Delete those entries. Remember to be careful, or you may end up deleting critical system information
  7. In the search window, type %Temp% and delete everything in that folder.


protection against ransomware


How To Decrypt Files Encrypted By Jigsaw Actors?

Once your files get encrypted by Jigsaw ransomware, there is no need to panic. There are various Jigsaw Removal and Decryption tools available online. Let’s see how to decrypt your files infected with Jigsaw.

  • Before decrypting the files, it is crucial to ensure the ransomware gets removed from the system. Download “Malware Removal Tool” and scan the system thoroughly, eliminating all dangerous malware and ransomware.
  • Next, download any Jigsaw Decrypter tool from the internet and open the tool.
  • Choose the directory and click “Decrypt Files” to decrypt all the files encrypted by Jigsaw.
  • Remember that this process might take a lot of time, depending on the number of files, size, etc. It is better to run this process during the night when it is not in use.


How To Prevent Jigsaw Ransomware Download?

Let’s look at some tips to keep you protected from jigsaw actors:

  • The principal weapon used by these hackers is to instill fear in the minds of the users about losing their valuable data. But, if they back up their data regularly and have a full back-up readily available, they don’t need to worry about any ransom demands or complying with them.
  • Next thing to remember is to stay alert when opening e-mails. Users must be vigilant before clicking URLs on e-mails as it could be a phishing e-mail. Always hover over the URL to ensure it takes to original place as intended, or it is a fake URL. Also, check the “from” address and see if it is genuine.
  • Make sure to keep the anti-virus and anti-malware systems updated all the time.
  • Adjust the browser and privacy settings for added protection.
  • It is prudent to abstain from opening e-mails from unknown senders.



Jigsaw is a ransomware scam which infiltrates systems, encrypts files, and then makes ransom demands. There is a probability of jigsaw victims paying the ransom, and their data not being decrypted. Hence, users must desist from contacting the hackers or paying the ransom. It will only provide a gush of fresh air to their malicious intentions. The key to tackling such ploys is staying alert and sensible to phishing e-mails and use ransomware protection. For preventing data loss, it is essential to take regular back-ups and check the genuineness of URLs and attachments before clicking them. It is also vital to have the latest anti-malware and anti-virus software installed on the system.

Enterprise-class email protection without the enterprise price

For flexible per-user pricing, PhishProtection’s integrated email security solution protects your employees from business email compromise (BEC) and many other email threats. 24×7. On any device. With features you’d expect in more expensive solutions:

All Plans Come With

  • Stops business email compromise (BEC)
  • Stops brand forgery emails
  • Stop threatening emails before they reach the inbox
  • Continuous link checking
  • Real-time website scanning
  • Real time alerts to users and administrators
  • Protection with settings you control
  • Protection against zero day vulnerabilities
  • Complete situational awareness from web-based console

Join 7500+ Organizations that use Phish Protection

Phish Protection works with System Administrators, IT Professionals and IT Executives in thousands of companies worldwide. Sign up and protect your organization from phishing attacks in less than 5 minutes