Jigsaw Ransomware Removal Guide

Threat Level:
9/10
Category: Trojans

We want to inform you about a new and very dangerous ransomware called Jigsaw Ransomware. You must remove this infection immediately after detecting it because it will start deleting files every hour after the encryption. Note that you will not be able to access the encrypted files until you decrypt them. We do not recommend that you purchase the decryption key because you might not get it. However, we have some good news. There is a third-party decryption tool that can decrypt your files for free. Please continue reading this description to find out more about how this infection works and how you can get rid of it and restore your files.

It seems that Jigsaw Ransomware’s developers were inspired by The Jigsaw Killer, because a picture of this fictional character appears on its ransom note. This ransomware is unique because it was configured to delete your files as time passes. Depending on how many files you have on your hard drives, this ransomware will erase a specific number of files every hour. The ransom note says that you have 24 hours to pay the ransom and that if you do not pay the ransom, then after 72 hours it will erase all of the encrypted files. This ransomware’s developers demand that you pay 150 dollars in Bitcoins (0.4 BTC). This sum of money may be a lot for some, so it would be a shame if the developers did not hold up their end of the bargain. And there is a good chance that they will not: first, they do not care that much about your problem, and second, Jigsaw is an unstable piece of software, so it may not register your transaction, especially since it needs your PC to be online so that it can check Btc.blockr.io/api/v1/address/balance/uniquewalletnumber to verify that you have made the payment. This system is unreliable and prone to errors.

Jigsaw Ransomware works by first scanning your computer for certain file types that usually contain personal and sensitive information. The list of file types it can encrypt is quite extensive, and it includes image files, video files, audio files, documents, and so on. When it encrypts the files, it adds a .FUN, .KKK, or .BTC extension to each file. Then it adds the filenames of all encrypted files to a list at %UserProfile%\AppData\Roaming\System32Work\EncryptedFileList.txt. It is important to note that it creates an autorun that launches this ransomware on system boot up, and it will delete 1,000 files on each start up. However, there is a way to get rid of Jigsaw Ransomware and restore your files back to normal without having to pay a dime.

Usually, ransomware that uses the AES encryption algorithm is next to impossible to crack. However, in this case, it is possible because this ransomware’s encryption algorithm was not that strong. Now, before you try to decrypt your files, you must remove Jigsaw Ransomware from your computer. There are two ways you can do this. First, you can get rid of the files manually by terminating their processes, going to each folder and deleting them. Second, you can get our featured anti-malware program called SpyHunter, which will get rid of this infection in its entirety. Only then can you download a third-party decrypter at https://download.bleepingcomputer.com/demonslay335/JigSawDecrypter.zip. Run this tool and click Decrypt My Files.

We hope that this short description was useful. Unfortunately, we do not know how this ransomware is disseminated, but a powerful anti-malware program will keep your computer out of harm’s way by terminating unsanctioned actions such as secretly dropping malicious files. Jigsaw Ransomware is a dangerous malware, and the sooner you remove it, the more files you will be able to save. The decrypter we put a link to in this description should restore all of your files, but there are no guarantees. Feel free to leave a comment in the comment section below sharing your opinions and shedding some light on how it may have gotten on your computer.

End Jigsaw Ransomware process via Task Manager

  1. Right-click on the Task bar and select Task Manager.
  2. Select Processes and find processes named firefox.exe and drpbx.exe.
  3. Right-click on those processes and click End Process.

Remove this ransomware’s files

  1. Press Windows+E keys.
  2. Enter the following addresses in the address box.
    • %LOCALAPPDATA%
    • %UserProfile%\Local Settings\Application Data
  3. Delete the file named Drpbx\drpbx.exe
  4. Then, go to %APPDATA%\System32Work and delete a file called Address.txt

Delete the registry key

  1. Press Windows+R keys.
  2. Enter regedit in the box and click OK.
  3. Once in the Registry Editor, find HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run firefox.exe
  4. Right-click on Run firefox.exe and click Delete.
  5. Done.
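
The manual checks above can be run in one read-only pass before anything is deleted. The PowerShell script below is an added example, not part of the original guide or of any vendor tool; it looks only for the process names, files, Run entry and extensions named on this page, and the "outside Program Files" test for firefox.exe is an assumption used to set aside the legitimate browser.

```powershell
# Added example: read-only triage for the Jigsaw indicators named in this guide.
# It reports what it finds and never deletes, terminates or modifies anything.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Type, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Detail = $Detail })
}

# Processes: firefox.exe is also the real Mozilla browser's name, so report the
# image path. Assumption: a copy under Program Files is the legitimate browser.
$trusted = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
foreach ($p in Get-Process -Name firefox, drpbx -ErrorAction SilentlyContinue) {
    $path = $p.Path
    $isTrusted = $path -and ($trusted | Where-Object {
        $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
    if ($p.Name -eq 'drpbx' -or -not $isTrusted) {
        Add-Finding 'Process' "$($p.Name).exe PID $($p.Id) path: $path"
    }
}

# Dropped executable: search both folders from the file-removal steps for drpbx.exe.
$roots = @($env:LOCALAPPDATA, "$env:USERPROFILE\Local Settings\Application Data") |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }
foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Filter drpbx.exe -Recurse -File -Force `
        -ErrorAction SilentlyContinue | ForEach-Object { Add-Finding 'File' $_.FullName }
}

# Working folder: Address.txt and the list of encrypted files.
foreach ($name in 'Address.txt', 'EncryptedFileList.txt') {
    $f = Join-Path (Join-Path $env:APPDATA 'System32Work') $name
    if (Test-Path -LiteralPath $f) {
        Add-Finding 'File' "$f ($(@(Get-Content -LiteralPath $f).Count) lines)"
    }
}

# Autorun: any HKCU Run value whose name or data mentions either executable.
$skip = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$run = Get-ItemProperty 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run) {
    $run.PSObject.Properties | Where-Object { $_.Name -notin $skip -and
        "$($_.Name) $($_.Value)" -match 'firefox\.exe|drpbx\.exe' } |
        ForEach-Object { Add-Finding 'RunKey' "$($_.Name) = $($_.Value)" }
}

# Encrypted files: count the extensions this guide lists under the user profile.
$enc = @(Get-ChildItem -Path $env:USERPROFILE -Recurse -File -Include '*.fun', '*.kkk', '*.btc' -ErrorAction SilentlyContinue)
if ($enc.Count) { Add-Finding 'Encrypted' "$($enc.Count) files with .FUN/.KKK/.BTC under $env:USERPROFILE" }

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap } else { 'No Jigsaw indicators from this guide were found.' }
```

Run it as the affected user, since every location it checks is per-user (HKCU, %APPDATA%, %LOCALAPPDATA%).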