It’s official—2016 is the worst year for ransomware on record. Nasty malware like Mischa, Petya, and Samsam are making the rounds. But Jigsaw, which showed up two months ago, stands apart from the rest.
Jigsaw made its debut in April, the worst month for ransomware attacks in the US on record. As ransomware hit hospitals, school districts, and government offices, Jigsaw was just out for a joy ride.
This malware, inspired by the Saw movie franchise, locks your data up and cuts it apart piece by piece. Every hour after infection, Jigsaw deletes some more of your files, until after 72 hours there’s nothing left.
Even worse, if you try to force-reset your computer to stop the process, Jigsaw punishes you by deleting 1,000 of your files. Unlike other ransomware, which threatens to delete your files if a ransom is not paid, Jigsaw actually follows through in a cruel and unusual fashion.
But the aim of the Jigsaw virus seems to be chaos, not money. The ransom demanded is far smaller than that of any other crypto-ransomware and varies wildly, from only $20 to $200 USD worth of Bitcoins. This leads many experts to believe Jigsaw is out to cause chaos, not earn cash.
How does Jigsaw infect systems?
Jigsaw is spread by spam e-mails with malicious attachments. Once it sneaks onto your system, it pretends to be either the Mozilla Firefox web browser or the file-storage service Dropbox by using the process names “firefox.exe” and “drpbx.exe”. While it’s doing this, it’s going to town on your Windows registry, adding entries so that it launches whenever you start your computer.
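The masquerade described above can be checked for from an exported process list and autorun inventory. The following is an added example, not part of the original article: it flags the two process names the article mentions when they run from outside a trusted install directory. The trusted directories, the claim that no legitimate program is named drpbx.exe, and all sample records are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Process names the article attributes to Jigsaw, mapped to the directories
# where a genuine copy may live. ASSUMPTION: default Firefox install paths;
# no legitimate program on the fleet is named drpbx.exe.
TRUSTED_DIRS = {
    "firefox.exe": [r"C:\Program Files\Mozilla Firefox",
                    r"C:\Program Files (x86)\Mozilla Firefox"],
    "drpbx.exe": [],
}

def exe_from_command(cmd):
    """Extract the executable path from a command line or autorun value."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    idx = cmd.lower().find(".exe")  # unquoted: keep spaces inside the path
    return cmd[:idx + 4] if idx != -1 else cmd

def is_masquerade(command):
    """True if a watched name runs from outside its trusted directories."""
    path = PureWindowsPath(exe_from_command(command))
    trusted = TRUSTED_DIRS.get(path.name.lower())
    if trusted is None:
        return False  # not one of the names we watch
    # PureWindowsPath comparison is case-insensitive, like Windows itself.
    return not any(path.parent == PureWindowsPath(d) for d in trusted)

def scan(processes, autoruns):
    """Return (source, identifier, command) for every suspicious record."""
    hits = [("process", pid, cmd) for pid, cmd in processes if is_masquerade(cmd)]
    hits += [("autorun", name, cmd) for name, cmd in autoruns if is_masquerade(cmd)]
    return hits

# Constructed sample inventory (not real Jigsaw paths), e.g. exported from
# a process listing and the Run keys of one workstation.
PROCESSES = [
    (4120, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc'),
    (5312, r"C:\Users\alice\AppData\Roaming\example\firefox.exe"),
    (5344, r"C:\Users\alice\AppData\Local\example\drpbx.exe"),
    (1032, r"C:\Windows\System32\svchost.exe -k netsvcs"),
]
AUTORUNS = [
    ("OneDrive", r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'),
    ("firefox.exe", r"C:\Users\alice\AppData\Roaming\example\firefox.exe"),
]

if __name__ == "__main__":
    for hit in scan(PROCESSES, AUTORUNS):
        print(hit)
```

A name match alone is not proof of infection; a hit is a lead for checking the file's signature and origin.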
What can I do about Jigsaw?
Thankfully, several security researchers have discovered a way to decrypt Jigsaw-encrypted data so you don’t have to pay a ransom. However, to avoid losing any data at all you still have to enact a countermeasure within an hour, a small window when you’re dealing with such a vindictive virus.
As with any ransomware, the only true defense is a proper 3-2-1 backup plan and using secure backup software to do it (e.g. BackupAssist). Make sure you have three backups on two different storage media, with at least one of the backups off-site. Remember, even if your system is compromised by ransomware, it can’t do any real damage if you’ve got a copy of the data it’s destroying!
BackupAssist is offering a fully-featured and free 30-day trial. Try it out and get protected.