Severity scale  
  (99/100)

Jigsaw ransomware virus. How to Remove? (Uninstall Guide)

removal by - -   Also known as .Fun ransomware | Type: Ransomware
12

Should we be afraid of Jigsaw ransomware in 2017?

Jigsaw ransomware virus is a powerful computer threat that is capable of encrypting target files. This threat is also known as .fun file extension virus as it started its activity with this extension appended to victim's files. However, security experts detected several updated versions of Jigsaw ransomware in 2016 that use .kkk, .gws, and .btc file extensions. Recently, they discovered its German version which appends .versiegelt file extension and the French version which adds .encrypted extension to the target files. The latest version appends .hush file extension to the target files and resembles Locky, CryptXXX, TeslaCrypt, and Cerber viruses. The initial characteristics are the same as these well-established programs. Jigsaw gets into the computers stealthily, scans the system for files and encrypts them using an AES algorithm. Just like the ransomware viruses, this virus does not grant access to the file decryption key until the victim pays a ransom. However, while other ransomware only threaten the victims to delete the locked files if the ransom is not payed, Jigsaw ransomware actually does it. In fact, once the virus encrypts the files it sets a 60-minute timer for the victim to pay the required sum of money. If the transaction is not carried out within the given hour, one file is deleted from the computer[1].

A much harsher punishment awaits those, who try to remove Jigsaw virus or reboot the computer. Such actions are said to lead to the loss of around a thousand files[2]. The pressure of not being able to turn the computer off and the countdown timer ticking on the screen pushes the users into paying the ransom. Of course, it must be paid in BitCoins[3]. Even though this virus may seem frightening, it is possible to remove it from the computer and even unlock your files. Unfortunately, practice shows that even the most sophisticated antivirus software like, for instance, Reimage may have trouble with the malicious ransomware such as Jigsaw removal. For this reason, we provide some tips on how you can remove this virus from your computer manually, or, at least, lessen its functionalities to the point where the antivirus can take over.

An illustration of Jigsaw ransomware virus

Nevertheless, if you are not yet put under the time pressure to save your files, there are some more facts we would like to share, which you might find interesting. When the Jigsaw first infiltrates the computer, the victim usually does not even suspect some fraudulent activities are being carried out on the computer. Some minor system slowdowns and errors might give the virus away but it is really difficult to catch this virus in action. The victims usually find out about the invasion only when the files are already encrypted, and a ransom note with a famous character from the movie "Saw" in the background appear on their computer screen. The note explains the current situation, and asks the to pay the $150 USD ransom and gives a set time limit to perform the transaction. It is not advisable to follow any of the orders because you may not only lose the files but be robbed of your money as well.

Variants of Jigsaw virus:

Payransom ransomware virus. This malware variant uses AES encryption to render victim's data useless, and it demands 150 dollars in exchange for a decryption software. Just like the initial version of Jigsaw, it promises to delete a part of victims files each hour until the ransom is paid. The threatening ransom message of Payransom virus informs that the ransom price will be doubled after 24 hours of non-payment and tripled after 48. If you do not want to lose your files, it is better to remove Payransom immediately as this way your data will be encrypted, but not deleted. This way, you might be able to recover them after some time. Unfortunately, it seems that Payransom decryption tool has not been discovered yet.

Payms ransomware virus. It appears that this ransomware variant has been built based on Jigsaw's code. Therefore, these viruses act similarly. This virus asks for the same amount of money like Payransom virus does - 150 USD. If the victim does not pay up the ransom within 24 hours, the price of the decryption software increases to 225 USD. This malware adds .pay, .payms or .paymst file extensions while encrypting the data. Luckily, you do not have to pay the ransom to retrieve your data - you can recover it with a help of this decryption tool. Before you use it, you must delete the virus from the computer.

CryptoHitman ransomware virus. Yet another version of Jigsaw, which appears to be a disgusting virus that can cause you problems at work or home. This nasty virus stands out of other ransomware variants because it changes desktop wallpaper with a pornographic picture and appends .porno file extension to encrypted data. Fortunately, you do not have to pay the ransom that CryptoHitman demands, as a free decryption tool for this virus has been already released. You can download it here. If you have become a victim of this computer threat, remove it using a powerful anti-malware software and start decrypting your files with a help of the aforementioned decryption tool.

We Are Anonymous ransomware virus. "We are Anonymous. We Are Legion. We do not forget. We do not forgive. Expect us." This is how the virus greets the victim after it finishes encrypting all files on a compromised computer. The latest variant of Jigsaw locks victim's data using advanced encryption technology and appends .xyz file extension to each file. The user is asked to transfer 250 USD to a provided Bitcoin address in order to receive a decryption tool. Luckily, data can be decrypted charge-free with a help of this We Are Anonymous Jigsaw ransomware decryption tool. As always, do not forget to delete the ransomware before you run the decrypter.

German Jigsaw virus. This ransomware showed up in the end of October. Once inside the system, it encrypts victim's files and adds .versiegelt extension to each of them. In exchange for the  decryption service, it asks its victim to pay 100 euro in Bitcoins. It is not a big amount of money when comparing with other ransomware threats. It is also worth mentioning that the language of its warning message is written in German, so there is a high possibility that it spreads only in German-speaking countries. Make sure you remove versiegelt virus before it damages your files.

French Jigsaw virus version was discovered in the middle of November 2016. This ransomware encrypts victim's files and adds .encrypted file extension to each of them. In addition, it shows a ransom note that says: "Vos fichiers ont été cryptés et vous ne pourrez les récupérer que si vous vous acquittez de la somme demandée." [...] If you can see this warning message on your desktop, stay calm and don't even think about paying the ransom. You can use one of methods in our "Data recovery" section to decrypt your encrypted files. However, before you do so, you need to remove Jigsaw ransomware (French version) from your computer.

Epic ransomware virus is the newest version of the Jigsaw virus which, once again, operates under the name of the Anonymous hacktivist group. The lock screen and ransom note of this virus can be seen below. The virus follows the typical pattern of the Jigsaw ransomware: it gives the victim an hour to pay for the files. After this time runs out 1-5 files are deleted from the computer. If the victim tries to fight the virus and turns off the computer. The next time it is booted, the virus may delete not 5 but a 1,000 files. What is more, the hackers demand an outrageous 5000 dollars for the data recovery, but just like with the rest of the Jigsaw versions, the outcome of such collaboration is completely unpredictable. Thus, it is better to get rid of the virus instead of playing according to the hackers' rules. 

Crypt.Locker ransomware virus. It is another name for Epic ransomware version. As the image below shows, the virus addresses the victim with such lines: "Very bad news! I am so-called crypt.locker with the following advanced functions." The virus appends .epic extensions to encrypted records and asks to pay a ransom of $5000 in Bitcoin currency. Such sum is enormously huge, and you shouldn't give it away for some cyber criminals. We suggest you remove Crypt.Locker virus and restore at least part of your data from backups. Please ignore virus' threats about leaking your data to your contacts - the virus is trying to convince you to pay up, but the first thing you should do is to complete Crypt.Locker removal. If you're thinking about paying the ransom, you should know that there are lots of cases when victims paid the ransom but never obtained the decryption software. The same can happen with crypt.locker decryptor that criminals suggest buying.

Jigsaw developers have just released HACKED ransomware virus -- the latest version of the virus. Currently, the parasite's distribution is quite low, nevertheless, the virus does not seem to be any less dangerous than the Jigsaw's previous versions. Though it does not require the victims to pay appalling amounts of money, it now gives less time, only 24 hours to issue the payment of 0.25 or 0.35 Bitcoins. Besides, the new version of the virus now adds .Locked and .locked extensions to the affected files which stokes speculations about a potential new project between Jigsaw and Locky virus developers.

the second version of Jigsaw

How can this ransomware infiltrate your computer and lock your files?

It is not yet known how Jigsaw ransomware actually spreads. Looking at the examples of other ransomware viruses it is likely that the infiltration can happen through an infected spam attachment or a Trojan virus. Therefore, you have to be particularly cautious when browsing online. Avoid clicking on random links, ads and software updates you do not need. Trojan virus may be hiding behind even the most regular looking advertisements. Also, try downloading your software only from the reliable sources and always check it the downloaded application does not contain additional software waiting to be installed on your PC. As for the email, you should keep away from the "Spam" section as all the suspicious correspondence is sifted and sent to this specific folder. Nevertheless, some rogue programs may slip through to your regular inbox as well, so the best option is to obtain a reliable antivirus software to guard you against undesirable programs, including the Jigsaw virus.

Beware of unexpected Christmas presents: Jigsaw programmed to attack you after December 23th

It seems that criminals are feeling a bit different vibe this holiday season than everybody. Be aware of "tis the ransomware season" phenomena, because authors of Jigsaw ransomware have developed yet another version and prepared new technique for its distribution. Currently, frauds are distributing a fake Bitcoin stealer called Electrum Coin Adder v1.0. This tool is ostensibly capable of stealing Bitcoins only by having a certain transaction ID, however, this tool is only a bait for people who want to earn money the easy way. It appears that Electrum Coin Adder actually installs BTC stealer and also downloads and sets up Jigsaw ransomware on the computer. Now, an interesting fact is that this Jigsaw virus has an interesting line in its code - config.ActiveAfterDateTime = new DateTime(2016,12,23). The virus is set to encrypt all files and add a .fun extension to them. However, the virus is only going to bring you sorrow and stress just before the holly jolly Christmas. Make sure you have an up-to-date anti-malware tool and don't forget to scan your PC before this date if you have downloaded any suspicious programs, opened questionable email attachments or installed Electrum Coin Adder virus itself!

How to remove Jigsaw malware?

As mentioned before, it is possible to remove Jigsaw virus from the computer and, luckily, to recover the locked files. The security experts have discovered that the locked files do not necessarily have to be bought out and can be decrypted for free[4]. The first thing you should do is go to your Task Manager and kill the firefox.exe and drpbx.exe processes[5]. This should ensure that no more files are deleted from your computer. Then, run the MSConfig and terminate the firefox.exe startup which initiates the virus. Once the virus startup is terminated, you can use Reimage or PlumbytesWebroot SecureAnywhere AntiVirus to scan your computer for this malware. Do not forget to run an extra scan of your system to make sure all of the virus components are completely removed from the computer. Following these steps combined with the Jigsaw removal instructions provided below, should help you to get rid of this treacherous virus safely and without causing damage to your files.

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
Reimage - remover Happiness
Guarantee
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Jigsaw ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall Jigsaw ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
Plumbytes
We are testing Plumbytes's efficiency (2017-01-02 03:59)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2017-01-02 03:59)
Hitman Pro
Webroot SecureAnywhere AntiVirus

References

Method 1. Remove Jigsaw using Safe Mode with Networking

If you can't launch Jigsaw remover and scan your computer, you should follow the steps below to reboot your computer to Safe Mode with Networking.

Step 1: Reboot your computer to Safe Mode with Networking
Windows 7 / Vista / XP
  • Click Start Shutdown Restart OK.
  • When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
  • Select Safe Mode with Networking from the list
Select 'Safe Mode with Networking'
Windows 10 / Windows 8
  • Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
  • Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
  • Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window.
Select 'Enable Safe Mode with Networking'
Step 2: Remove Jigsaw

Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Jigsaw removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Reimage is a tool to detect malware. You need to purchase full version to remove infections.
More information about Reimage
Reimage is a tool to detect malware. You need to purchase full version to remove infections. More information about Reimage

Method 2. Remove Jigsaw using System Restore

If Safe Mode with Networking method fails to help you, you should try System Restore. Once you set your computer to the previous date, you should scan the system with anti-spyware software.

Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
  • Click Start Shutdown Restart OK.
  • When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
  • Select Command Prompt from the list
Select 'Safe Mode with Command Prompt'
Windows 10 / Windows 8
  • Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
  • Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
  • Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
Select 'Enable Safe Mode with Command Prompt'
Step 2: Restore your system files and settings
  • Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
  • Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
  • When a new window shows up, click Next and select your restore point that is prior the infiltration of Jigsaw. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
  • Now click Yes to start system restore. Click 'Yes' and start system restore
Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Jigsaw removal is performed successfully.
Reimage is a tool to detect malware. You need to purchase full version to remove infections.
More information about Reimage
Reimage is a tool to detect malware. You need to purchase full version to remove infections. More information about Reimage

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Jigsaw from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If you are struggling with the recovery of your files encrypted by Jigsaw ransomware, you should take a look at our bonus instructions. Please, do NOT pay the ransom because there is no guarantee that hackers will give you the key that you need in exchange for your money. To get your files back, you can use one of these options that are free to use.

If your files are encrypted by Jigsaw, you can use several methods to restore them:

Use Data Recovery Pro to restore files encrypted by Jigsaw

Data Recovery Tool is a handy program that offers its help for those who accidentally removed their files or got infected with ransomware. Make sure you follow the setup wizard to use it properly.

Use Windows Previous Versions to recover your files encrypted by Jigsaw

If your files are encrypted by Jigsaw ransomware, you can try to recover them with the help of Windows Previous Versions feature. However, it works only if System Restore feature was enabled before the infection. To check whether this method works for you, follow these steps:

[/GIS-HEADER]

  • Find an encrypted file you need to restore and right-click on it;
  • Select "Properties" and go to "Previous versions" tab;
  • Here, check each of available copies of the file in "Folder versions". You should select the version you want to recover and click "Restore".

Recover your files with a help of Jigsaw decryptor.

Security experts work hard to help people after infiltration of ransomware virus. That's how such tools as Jigsaw decryptor show up on the Internet. Once you remove Jigsaw from your computer, you can use it to unlock your files.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Jigsaw and other ransomwares, use a reputable anti-spyware, such as Reimage, PlumbytesWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

Linas Kiguolis
Linas Kiguolis - Expert in fighting against malware, viruses and spyware

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Removal guides in other languages


Information updated:

Comments on Jigsaw ransomware virus

0
0
Lora
remove from the PC Immediately when you unlock the files! It may lock your files again if you dont!!!
0
0
jigsawmaster
I WANT TO PLAY A GAME
0
0
NathanTheWhale
Hahah, this virus wants to look so scary!
0
0
Liam_Bane2001
But these guys sure lack imagination.... Jigsaw virus??? Meh

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)